From 7607b45eae59d818fe85703ef52bf3e63f6f5394 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Wed, 21 Jan 2015 15:23:04 +0100
Subject: [PATCH] filecopy: really do not use O_TMPFILE when use_tmpfile==0

When file opened with O_TMPFILE but use_tmpfile==0, the file will not be linked to the directory (the code at the end of process_one_file_reg). Additionally it is waste of time trying using O_TMPFILE when it's already known it shouldn't be. Also use_tmpfile==0 can mean we don't have access to /proc (set_procfs_fd wasn't called), so even if linking the file to its directory would be attempted, it would fail. This is the case for dom0-updates copy.
---
 qrexec-lib/unpack.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/qrexec-lib/unpack.c b/qrexec-lib/unpack.c
index 9a44e72..51caf94 100644
--- a/qrexec-lib/unpack.c
+++ b/qrexec-lib/unpack.c
@@ -104,15 +104,19 @@ void process_one_file_reg(struct file_header *untrusted_hdr,
 const char *untrusted_name)
 {
 int ret;
- int fdout;
+ int fdout = -1;
 /* make the file inaccessible until fully written */
- fdout = open(".", O_WRONLY | O_TMPFILE, 0700);
- if (fdout < 0 && errno==ENOENT) {
- /* if it fails, do not attempt further use - most likely kernel too old */
- use_tmpfile = 0;
- fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0000); /* safe because of chroot */
+ if (use_tmpfile) {
+ fdout = open(".", O_WRONLY | O_TMPFILE, 0700);
+ if (fdout < 0 && errno==ENOENT) {
+ /* if it fails, do not attempt further use - most likely kernel too old */
+ use_tmpfile = 0;
+ } else
+ do_exit(errno, untrusted_name);
 }
+ if (fdout < 0)
+ fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0000); /* safe because of chroot */
 if (fdout < 0)
 do_exit(errno, untrusted_name);
 /* sizes are signed elsewhere */
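Review bot: The `else` added after the `errno==ENOENT` check also catches the success case, so when `open(".", O_WRONLY | O_TMPFILE, 0700)` returns a valid descriptor the code still reaches `do_exit(errno, untrusted_name)` with a stale errno. Assuming do_exit terminates the unpacker, as its use in the following `if (fdout < 0)` check suggests, every regular file would abort the transfer whenever use_tmpfile is set. The branch should fire only on a real failure: `} else if (fdout < 0)` followed by `do_exit(errno, untrusted_name);`. Separately, only ENOENT triggers the fallback to the named `O_CREAT | O_EXCL | O_NOFOLLOW` open; open(2) also documents EISDIR and EOPNOTSUPP for kernels or filesystems without O_TMPFILE, so it may be worth treating those the same way instead of exiting. process_one_file_reg continues past the end of the hunk.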