qpkg: try to fix Coverity 125940 Time of check time of use

first perform the unlink, then open the object, and perform stat + chmod
on it, if necessary

Signed-off-by: Fabian Groffen <grobian@gentoo.org>

1 files changed, 15 insertions, 13 deletions

diff --git a/qpkg.c b/qpkg.c
index 3602acf5..1b654a68 100644
--- a/qpkg.c
+++ b/qpkg.c
@@ -349,6 +349,7 @@ int qpkg_main(int argc, char **argv)
 	depend_atom *atom;
 	int restrict_chmod = 0;
 	int qclean = 0;
+	int fd;
 
 	qpkg_bindir = pkgdir;
 	while ((i = GETOPT_LONG(QPKG, qpkg, "")) != -1) {
@@ -374,20 +375,21 @@ int qpkg_main(int argc, char **argv)
 	/* setup temp dirs */
 	if (qpkg_bindir[0] != '/')
 		err("'%s' is not a valid package destination", qpkg_bindir);
-	for (i = 0; i <= 1; i++) {
-		if (mkdir(qpkg_bindir, 0750) == -1) {
-			if (lstat(qpkg_bindir, &st) == 0 && !S_ISDIR(st.st_mode)) {
-				unlink(qpkg_bindir);
-				continue;
-			}
-			if (!restrict_chmod)
-				if (chmod(qpkg_bindir, 0750))
-					errp("could not chmod(0750) temp bindir '%s'", qpkg_bindir);
-		}
-		break;
-	}
-	if (i == 2)
+	/* brute force just unlink any file or symlink, if this fails, it's
+	 * actually good ;) */
+	unlink(qpkg_bindir);
+	fd = open(qpkg_bindir, O_RDONLY);
+	if ((fd == -1 && mkdir(qpkg_bindir, 0750) == -1) ||
+			(fd != -1 && (fstat(fd, &st) == -1 || !S_ISDIR(st.st_mode))))
+	{
 		errp("could not create temp bindir '%s'", qpkg_bindir);
+	} else {
+		/* fd is valid, pointing to a directory */
+		if (!restrict_chmod)
+			if (fchmod(fd, 0750) < 0)
+				errp("could not chmod(0750) temp bindir '%s'", qpkg_bindir);
+	}
+	close(fd);
 
 	/* we have to change to the root so that we can feed the full paths
 	 * to tar when we create the binary package. */