misc/install-xattr: correct potential fork bomb

The which() function compares portage_helper_path, to canpath
and skips it when appropriate:

	if (portage_helper_path)
		if (!strcmp(portage_helper_path, canpath))
			goto skip;

However, portage_helper_path has not been canonicalized with
the realpath function, so strcmp can return false even though
the paths are equivalent.  This may occurs when /usr/lib is a
symlink to /usr/lib64.

X-Gentoo-Bug: 523994
X-Gentoo-Bug-URL: https://bugs.gentoo.org/523994

1 files changed, 5 insertions, 1 deletions

diff --git a/misc/install-xattr/install-xattr.c b/misc/install-xattr/install-xattr.c
index 805c0a4..2f349df 100644
--- a/misc/install-xattr/install-xattr.c
+++ b/misc/install-xattr/install-xattr.c
@@ -325,6 +325,7 @@ main(int argc, char* argv[])
 	 */
 	char *oldpwd = getenv("OLDPWD");
 	char *portage_helper_path = getenv("__PORTAGE_HELPER_PATH");
+	char *portage_helper_canpath = NULL;
 	if (portage_helper_path)
 		chdir(oldpwd);
 
@@ -334,8 +335,11 @@ main(int argc, char* argv[])
 
 		case 0:
 			/* find system install avoiding mypath and portage_helper_path! */
-			install = which(mypath, portage_helper_path);
+			if (portage_helper_path)
+				portage_helper_canpath = realpath(portage_helper_path, NULL);
+			install = which(mypath, portage_helper_canpath);
 			free(mypath);
+			free(portage_helper_canpath);
 			argv[0] = install;        /* so coreutils' lib/program.c behaves  */
 			execv(install, argv);     /* The kernel will free(install).       */
 			err(1, "execv() failed");