tincctl: restrict umask argument for FORTIFY

`umask(mode)` calls that do not verify `(mode & 0777) == mode` are
rejected when the libc FORTIFY checks are enabled [1].

The unrestricted `~perms` was indeed making this assertion fail.

[1]: https://android.googlesource.com/platform/bionic/+/refs/tags/android-11.0.0_r3/libc/bionic/fortify.cpp#404

diff --git a/src/tincctl.c b/src/tincctl.c
index 3c7d368..99a34c7 100644 (file)
--- a/src/tincctl.c
+++ b/src/tincctl.c
@@ -238,7 +238,7 @@ static bool parse_options(int argc, char **argv) {
 FILE *fopenmask(const char *filename, const char *mode, mode_t perms) {
        mode_t mask = umask(0);
        perms &= ~mask;
-       umask(~perms);
+       umask(~perms & 0777);
        FILE *f = fopen(filename, mode);
 
        if(!f) {