filecopy: really do not use O_TMPFILE when use_tmpfile==0

When file opened with O_TMPFILE but use_tmpfile==0, the file will not be linked to the directory (the code at the end of process_one_file_reg). Additionally it is waste of time trying using O_TMPFILE when it's already known it shouldn't be. Also use_tmpfile==0 can mean we don't have access to /proc (set_procfs_fd wasn't called), so even if linking the file to its directory would be attempted, it would fail. This is the case for dom0-updates copy.
9 years ago · d88242bb99
parent 509ae49001
commit d88242bb99
1 changed files with 10 additions and 6 deletions
--- a/qrexec-lib/unpack.c
+++ b/qrexec-lib/unpack.c
@ -104,15 +104,19 @@ void process_one_file_reg(struct file_header *untrusted_hdr,
 			  const char *untrusted_name)
 {
 	int ret;
-	int fdout;
+	int fdout = -1;

 	/* make the file inaccessible until fully written */
-	fdout = open(".", O_WRONLY | O_TMPFILE, 0700);
-	if (fdout < 0 && errno==ENOENT) {
-		/* if it fails, do not attempt further use - most likely kernel too old */
-		use_tmpfile = 0;
-		fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0000);	/* safe because of chroot */
+	if (use_tmpfile) {
+		fdout = open(".", O_WRONLY | O_TMPFILE, 0700);
+		if (fdout < 0 && errno==ENOENT) {
+			/* if it fails, do not attempt further use - most likely kernel too old */
+			use_tmpfile = 0;
+		} else
+			do_exit(errno, untrusted_name);
 	}
+	if (fdout < 0)
+		fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0000);	/* safe because of chroot */
 	if (fdout < 0)
 		do_exit(errno, untrusted_name);
 	/* sizes are signed elsewhere */