From 589ef1797741a18be8d1a16a14f4af05216d1efe Mon Sep 17 00:00:00 2001
From: Tokunori Ikegami <ikegami.t@gmail.com>
Date: Sun, 11 Feb 2024 21:33:04 +0900
Subject: [PATCH] plugins/micron: Fix code scanning alert

Fix the time-of-check time-of-use filesystem race condition.

To use setuid() described by the JPCERT CC document as below.
  <https://www.jpcert.or.jp/research/2009/6_File_IO_Part3.pdf>
    Page 53: TOCTUC race condition measure example.
             To check the permission as same with access() function,
             Set the real user ID as the effective user ID.
             Then the race window closed between checking and using.

  Note: The example for fopen() but the fix for mkdir() and rmdir().

Signed-off-by: Tokunori Ikegami <ikegami.t@gmail.com>
---
 plugins/micron/micron-nvme.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/micron/micron-nvme.c b/plugins/micron/micron-nvme.c
index 63a7a7950e..4820eea134 100644
--- a/plugins/micron/micron-nvme.c
+++ b/plugins/micron/micron-nvme.c
@@ -311,7 +311,7 @@ static int SetupDebugDataDirectories(char *strSN, char *strFilePath,
 		j++;
 	}
 
-	if (mkdir(strMainDirName, 0777) < 0) {
+	if (setuid(getuid()) || mkdir(strMainDirName, 0777) < 0) {
 		err = -1;
 		goto exit_status;
 	}
@@ -331,7 +331,7 @@ static int SetupDebugDataDirectories(char *strSN, char *strFilePath,
 				rmdir(strOSDirName);
 			rmdir(strMainDirName);
 			err = -1;
-	}
+		}
 	}
 
 exit_status: