From 16bc9feda8e793fd74b1d8131b01a18d212acb9f Mon Sep 17 00:00:00 2001
From: Leah Rowe <leah@libreboot.org>
Date: Sat, 28 Mar 2026 09:16:05 +0000
Subject: mkhtemp: use O_NOFOLLOW in same_dir

we have a policy:
symlinks do not exist.

Signed-off-by: Leah Rowe <leah@libreboot.org>
---
 util/libreboot-utils/lib/mkhtemp.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'util/libreboot-utils/lib/mkhtemp.c')

diff --git a/util/libreboot-utils/lib/mkhtemp.c b/util/libreboot-utils/lib/mkhtemp.c
index dda5eed4..532d93c7 100644
--- a/util/libreboot-utils/lib/mkhtemp.c
+++ b/util/libreboot-utils/lib/mkhtemp.c
@@ -327,11 +327,11 @@ same_dir(const char *a, const char *b)
 	if (rval_scmp == 0)
 		goto success_same_dir;
 
-	fd_a = fs_open(a, O_RDONLY | O_DIRECTORY);
+	fd_a = fs_open(a, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
 	if (fd_a < 0)
 		goto err_same_dir;
 
-	fd_b = fs_open(b, O_RDONLY | O_DIRECTORY);
+	fd_b = fs_open(b, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
 	if (fd_b < 0)
 		goto err_same_dir;
 
@@ -906,6 +906,8 @@ int secure_file(int *fd,
 		if (lock_file(*fd, flags) == -1)
 			goto err_demons;
 
+		/* TODO: why would this be NULL? audit
+		 * to find out. we should always verify! */
 		if (expected != NULL)
 			if (fd_verify_identity(*fd, expected, &st_now) < 0)
 				goto err_demons;
-- 
cgit v1.2.1