semodule: avoid toctou on output module

Do not check for file existence and open afterwards, open with the exclusive flag (supported in Glibc and musl 0.9.6 and also standardized in C11). Found by GitHub CodeQL. Signed-off-by: Christian Göttsche <[email protected]> Acked-by: Nicolas Iooss <[email protected]>
SELinuxProject · Jun 2, 2022 · 6d02b2f · 6d02b2f
1 parent dd98fa3
commit 6d02b2f
Showing 1 changed file with 5 additions and 8 deletions.
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
@@ -550,15 +550,12 @@ int main(int argc, char *argv[])
  goto cleanup_extract;
  }
 
- if (access(output_path, F_OK) == 0) {
- fprintf(stderr, "%s: %s is already extracted with extension %s.\n", argv[0], mode_arg, lang_ext);
- result = -1;
- goto cleanup_extract;
- }
-
- output_fd = fopen(output_path, "w");
+ output_fd = fopen(output_path, "wx");
  if (output_fd == NULL) {
- fprintf(stderr, "%s: Unable to open %s\n", argv[0], output_path);
+ if (errno == EEXIST)
+ fprintf(stderr, "%s: %s is already extracted with extension %s.\n", argv[0], mode_arg, lang_ext);
+ else
+ fprintf(stderr, "%s: Unable to open %s: %s\n", argv[0], output_path, strerror(errno));
  result = -1;
  goto cleanup_extract;
  }