From b7d91e47479837e8c5620cebef2685b638bc8e76 Mon Sep 17 00:00:00 2001 From: Joachim Wiberg Date: Sat, 25 Oct 2025 08:09:39 +0200 Subject: [PATCH] bin: fix Coverity Scan issues in copy command Address two issues identified by Coverity Scan: 1. CID 550484 (TOCTOU): Remove access() check before realpath() - realpath() already fails if file doesn't exist, making the access() check redundant and introducing a TOCTOU race - Simplifies code while improving security 2. CID 550483 (CHECKED_RETURN): Mark unchecked remove() calls - Add (void) cast to two remove() calls to explicitly indicate we don't care about the return value - These are cleanup operations for temp files where failure is acceptable, even expected Signed-off-by: Joachim Wiberg --- src/bin/copy.c | 4 ++-- src/bin/util.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/bin/copy.c b/src/bin/copy.c index bc3d14cd7..945affe4c 100644 --- a/src/bin/copy.c +++ b/src/bin/copy.c @@ -316,7 +316,7 @@ static int copy(const char *src, const char *dst, const char *remote_user) else { snprintf(adjust, sizeof(adjust), "/tmp/%s.cfg", srcds->name); fn = tmpfn = adjust; - remove(tmpfn); + (void)remove(tmpfn); rc = systemf("sysrepocfg -d %s -X%s -f json", srcds->sysrepocfg, fn); } @@ -378,7 +378,7 @@ static int copy(const char *src, const char *dst, const char *remote_user) } snprintf(adjust, sizeof(adjust), "/tmp/%s", fn); fn = tmpfn = adjust; - remove(tmpfn); + (void)remove(tmpfn); } else { fn = cfg_adjust(src, NULL, adjust, sizeof(adjust), sanitize); if (!fn) { diff --git a/src/bin/util.c b/src/bin/util.c index 629ecfde1..6432bf776 100644 --- a/src/bin/util.c +++ b/src/bin/util.c @@ -128,7 +128,7 @@ char *cfg_adjust(const char *fn, const char *tmpl, char *buf, size_t len, int sa } /* If file exists, resolve symlinks and verify still in whitelist */ - if (!access(fn, F_OK) && realpath(fn, resolved)) { + if (realpath(fn, resolved)) { if (!path_allowed(resolved)) return NULL; fn = resolved;