X-Git-Url: http://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Flibadacl.c;h=b8f609989f8e962e37bb2ce95c3154131f777947;hb=a940e75467931de75e969b3de97f21698ec6fa08;hp=36812e8af3dd18a4dbfd96f7c7b769865d90298d;hpb=ee4b602d26225bb5a548eaeb7bd570adaa48721a;p=apply-default-acl.git

diff --git a/src/libadacl.c b/src/libadacl.c
index 36812e8..b8f6099 100644
--- a/src/libadacl.c
+++ b/src/libadacl.c
@@ -672,14 +672,19 @@ int apply_default_acl_ex(const char* path,
   /* The file descriptor for the directory containing "path" */
   int parent_fd = 0;
 
+  /* dirname() and basename() mangle their arguments, so we need
+     to make copies of "path" before using them. */
+  char* dirname_path_copy = NULL;
+  char* basename_path_copy = NULL;
+
   /* Get the parent directory of "path" with dirname(), which happens
    * to murder its argument and necessitates a path_copy. */
-  char* path_copy = strdup(path);
-  if (path_copy == NULL) {
+  dirname_path_copy = strdup(path);
+  if (dirname_path_copy == NULL) {
     perror("apply_default_acl_ex (strdup)");
     return ACL_ERROR;
   }
-  char* parent = dirname(path_copy);
+  char* parent = dirname(dirname_path_copy);
   parent_fd = safe_open(parent, O_DIRECTORY | O_NOFOLLOW);
   if (parent_fd == OPEN_ERROR) {
     if (errno == ELOOP || errno == ENOTDIR) {
@@ -702,7 +707,16 @@ int apply_default_acl_ex(const char* path,
     goto cleanup;
   }
 
-  fd = safe_open(path, O_NOFOLLOW);
+  /* We already obtained the parent fd safely, so if we use the
+     basename of path here instead of the full thing, then we can get
+     away with using openat() and spare ourselves the slowness of
+     another safe_open(). */
+  basename_path_copy = strdup(path);
+  if (basename_path_copy == NULL) {
+    perror("apply_default_acl_ex (strdup)");
+    return ACL_ERROR;
+  }
+  fd = openat(parent_fd, basename(basename_path_copy), O_NOFOLLOW);
   if (fd == OPEN_ERROR) {
     if (errno == ELOOP || errno == ENOTDIR) {
       /* We hit a symlink, either in the last path component (ELOOP)
@@ -789,7 +803,7 @@ int apply_default_acl_ex(const char* path,
   }
 
   /* There's a good reason why we saved the ACL above, even though
-   * we're about tto read it back into memory and mess with it on the
+   * we're about to read it back into memory and mess with it on the
    * next line. The acl_copy_xattr() function is already a hack to let
    * us copy default ACLs without resorting to path names; we simply
    * have no way to read the parent's default ACL into memory using
@@ -800,7 +814,7 @@ int apply_default_acl_ex(const char* path,
   */
 
   /* Now we potentially need to mask the execute permissions in the
-     ACL on fd; or maybe now. */
+     ACL on fd; or maybe not. */
   if (allow_exec) {
     goto cleanup;
   }
@@ -890,13 +904,11 @@ int apply_default_acl_ex(const char* path,
   }
 
  cleanup:
-  free(path_copy);
-  if (new_acl != (acl_t)NULL) {
-    acl_free(new_acl);
-  }
-  if (new_acl_unmasked != (acl_t)NULL) {
-    acl_free(new_acl_unmasked);
-  }
+  free(dirname_path_copy);
+  free(basename_path_copy);
+  acl_free(new_acl);
+  acl_free(new_acl_unmasked);
+
   if (fd > 0 && close(fd) == CLOSE_ERROR) {
     perror("apply_default_acl_ex (close fd)");
     result = ACL_ERROR;