Re: [PATCH] semodule: avoid toctou on output module

On Fri, May 20, 2022 at 3:20 PM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> Do not check for file existence and open afterwards, open with the
> exclusive flag (supported in Glibc and musl 0.9.6 and also standardized
> in C11).
>
> Found by GitHub CodeQL.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>

This looks good to me.

Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>

Thanks!

> ---
>  policycoreutils/semodule/semodule.c | 13 +++++--------
>  1 file changed, 5 insertions(+), 8 deletions(-)
>
> diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
> index 1ed8e690..48bc28dd 100644
> --- a/policycoreutils/semodule/semodule.c
> +++ b/policycoreutils/semodule/semodule.c
> @@ -550,15 +550,12 @@ int main(int argc, char *argv[])
>                                         goto cleanup_extract;
>                                 }
>
> -                               if (access(output_path, F_OK) == 0) {
> -                                       fprintf(stderr, "%s: %s is already extracted with extension %s.\n", argv[0], mode_arg, lang_ext);
> -                                       result = -1;
> -                                       goto cleanup_extract;
> -                               }
> -
> -                               output_fd = fopen(output_path, "w");
> +                               output_fd = fopen(output_path, "wx");
>                                 if (output_fd == NULL) {
> -                                       fprintf(stderr, "%s: Unable to open %s\n", argv[0], output_path);
> +                                       if (errno == EEXIST)
> +                                               fprintf(stderr, "%s: %s is already extracted with extension %s.\n", argv[0], mode_arg, lang_ext);
> +                                       else
> +                                               fprintf(stderr, "%s: Unable to open %s:  %s\n", argv[0], output_path, strerror(errno));
>                                         result = -1;
>                                         goto cleanup_extract;
>                                 }
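
Review bot: the new failure branch tests errno == EEXIST and calls strerror(errno), but the diffstat shows only these 5 insertions and no added #include, so please confirm semodule.c already includes <errno.h> and <string.h>. Also in that branch, the format string "%s: Unable to open %s:  %s\n" has two spaces after the second colon; one is enough. errno is read before any fprintf() call runs in both branches, so the ordering is fine as written.
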
> --
> 2.36.1
>



