From: pacien Date: Tue, 8 Sep 2020 23:24:28 +0000 (+0200) Subject: tincctl: restrict umask argument for FORTIFY X-Git-Tag: release-1.1pre18~5 X-Git-Url: https://git.tinc-vpn.org/git/browse?a=commitdiff_plain;h=4cc4b9bcce74b3e7ec4fe539366b7cfc3b472c07;p=tinc tincctl: restrict umask argument for FORTIFY `umask(mode)` calls that do not verify `(mode & 0777) == mode` are rejected when the libc FORTIFY checks are enabled [1]. The unrestricted `~perms` was indeed making this assertion fail. [1]: https://android.googlesource.com/platform/bionic/+/refs/tags/android-11.0.0_r3/libc/bionic/fortify.cpp#404 --- diff --git a/src/tincctl.c b/src/tincctl.c index 3c7d3683..99a34c72 100644 --- a/src/tincctl.c +++ b/src/tincctl.c @@ -238,7 +238,7 @@ static bool parse_options(int argc, char **argv) { FILE *fopenmask(const char *filename, const char *mode, mode_t perms) { mode_t mask = umask(0); perms &= ~mask; - umask(~perms); + umask(~perms & 0777); FILE *f = fopen(filename, mode); if(!f) {