From faab30461b0f2b920e3dd19489ce458c0b38e6d9 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Wed, 24 Feb 2021 21:06:48 +0100
Subject: If restricting access via umask() fails, don't include errno in the
 error message.

errno is not set on umask failure, see
https://perldoc.perl.org/functions/umask.
---
 Changelog      | 2 ++
 lacme          | 4 ++--
 lacme-accountd | 4 ++--
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/Changelog b/Changelog
index 1682847..e047ac5 100644
--- a/Changelog
+++ b/Changelog
@@ -236,6 +236,8 @@ lacme (0.2) upstream;
     directories.  New default "lacme-certs.conf lacme-certs.conf.d/".
   - Minor manpage fixes
   - More useful message upon Validation Challenge failure.
+  - If restricting access via umask() fails, don't include errno in the
+    error message as it's not set on failure.
 
  -- Guilhem Moulin <guilhem@guilhem.org>  Sat, 03 Dec 2016 16:40:56 +0100
 
diff --git a/lacme b/lacme
index 66dd6f6..fb19646 100755
--- a/lacme
+++ b/lacme
@@ -376,14 +376,14 @@ sub spawn_webserver() {
 
         if ($domain == AF_UNIX) {
             # bind(2) with a loose umask(2) to allow anyone to connect
-            my $umask = umask(0111) // die "umask: $!";
+            my $umask = umask(0111) // die;
             my $path = Socket::unpack_sockaddr_un($sockaddr);
             bind($sock, $sockaddr) or die "Couldn't bind to $p: $!";
             push @CLEANUP, sub() {
                 print STDERR "Unlinking $path\n" if $OPTS{debug};
                 unlink $path or warn "Warning: Couldn't unlink $path: $!";
             };
-            umask($umask) // die "umask: $!";
+            umask($umask) // die;
         }
         else {
             bind($sock, $sockaddr) or die "Couldn't bind to $p: $!";
diff --git a/lacme-accountd b/lacme-accountd
index a35ac88..98c11ad 100755
--- a/lacme-accountd
+++ b/lacme-accountd
@@ -215,7 +215,7 @@ unless (defined $OPTS{stdio}) {
     my @stat = stat($dirname) or error("stat($dirname): $!");
     error("Insecure permissions on $dirname") if ($stat[2] & 0022) != 0;
 
-    my $umask = umask(0177) // panic("umask: $!");
+    my $umask = umask(0177) // panic();
 
     logmsg($LOG_VERBOSE => "Starting lacme Account Key Manager at $sockname");
     socket(my $sock, PF_UNIX, SOCK_STREAM, 0) or panic("socket: $!");
@@ -225,7 +225,7 @@ unless (defined $OPTS{stdio}) {
     ($SOCKNAME, $S) = ($sockname, $sock);
     listen($S, 1) or panic("listen: $!");
 
-    umask($umask) // panic("umask: $!");
+    umask($umask) // panic();
 };
 
 
-- 
cgit v1.2.3