From 6d02b2fa29954e239721907e1fce238f25ea4f2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 20 May 2022 15:19:52 +0200
Subject: [PATCH] semodule: avoid toctou on output module
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-type: text/plain

Do not check for file existence and open afterwards; instead, open with
the exclusive flag (supported in Glibc and musl 0.9.6 and also
standardized in C11).

Found by GitHub CodeQL.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 policycoreutils/semodule/semodule.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
index 1ed8e69054e0..48bc28dd0973 100644
--- a/policycoreutils/semodule/semodule.c
+++ b/policycoreutils/semodule/semodule.c
@@ -550,15 +550,12 @@ int main(int argc, char *argv[])
 					goto cleanup_extract;
 				}
 
-				if (access(output_path, F_OK) == 0) {
-					fprintf(stderr, "%s: %s is already extracted with extension %s.\n", argv[0], mode_arg, lang_ext);
-					result = -1;
-					goto cleanup_extract;
-				}
-
-				output_fd = fopen(output_path, "w");
+				output_fd = fopen(output_path, "wx");
 				if (output_fd == NULL) {
-					fprintf(stderr, "%s: Unable to open %s\n", argv[0], output_path);
+					if (errno == EEXIST)
+						fprintf(stderr, "%s: %s is already extracted with extension %s.\n", argv[0], mode_arg, lang_ext);
+					else
+						fprintf(stderr, "%s: Unable to open %s:  %s\n", argv[0], output_path, strerror(errno));
 					result = -1;
 					goto cleanup_extract;
 				}
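Review bot: The exclusive-create guarantee at `fopen(output_path, "wx")` now rests entirely on the C library honouring the `x` mode character; a libc that ignores unknown mode characters would presumably behave like plain `"w"` and truncate an existing file, because the explicit existence check has been removed. If portability beyond the libcs named in the commit message matters, calling `open()` with `O_WRONLY | O_CREAT | O_EXCL` and wrapping the descriptor with `fdopen(fd, "w")` makes the exclusivity explicit and also lets the creation mode be chosen. Separately, the new error string has two spaces after the colon and would read better as `"%s: Unable to open %s: %s\n"`. The hunk sits inside `main`, which starts and ends outside it, so it cannot be confirmed from here that `<errno.h>` and `<string.h>` are already included for the new `errno` and `strerror()` uses.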
-- 
2.38.1