From: pacien <pacien.trangirard@pacien.net>
Date: Tue, 8 Sep 2020 23:24:28 +0000 (+0200)
Subject: tincctl: restrict umask argument for FORTIFY
X-Git-Tag: release-1.1pre18~5
X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=4cc4b9bcce74b3e7ec4fe539366b7cfc3b472c07

tincctl: restrict umask argument for FORTIFY

`umask(mode)` calls that do not verify `(mode & 0777) == mode` are
rejected when the libc FORTIFY checks are enabled [1].

The unrestricted `~perms` was indeed making this assertion fail.

[1]: https://android.googlesource.com/platform/bionic/+/refs/tags/android-11.0.0_r3/libc/bionic/fortify.cpp#404
---

diff --git a/src/tincctl.c b/src/tincctl.c
index 3c7d3683..99a34c72 100644
--- a/src/tincctl.c
+++ b/src/tincctl.c
@@ -238,7 +238,7 @@ static bool parse_options(int argc, char **argv) {
 FILE *fopenmask(const char *filename, const char *mode, mode_t perms) {
 	mode_t mask = umask(0);
 	perms &= ~mask;
-	umask(~perms);
+	umask(~perms & 0777);
 	FILE *f = fopen(filename, mode);
 
 	if(!f) {