From 1a33a37acabe39dd33cb13db05517542f9b4b30d Mon Sep 17 00:00:00 2001
From: Michael Shigorin
Date: Tue, 29 Mar 2022 12:19:59 +0300
Subject: [PATCH] tar2fs: avoid losetup race

There's a race condition (TOCTOU) between losetup --find and applying the obtained path after additional dd in between; twice awful as *at least* running both losetups closely would reduce the window significantly, and reading the manpage properly back then would eliminate this.

Reported-by: Anton Midyukov
Suggested-by: Gleb F-Malinovskiy
---
 bin/tar2fs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bin/tar2fs b/bin/tar2fs
index 984d1e9f..e890c125 100755
--- a/bin/tar2fs
+++ b/bin/tar2fs
@@ -165,7 +165,6 @@ for i in losetup sfdisk parted kpartx $MKFS; do
 fi
 done
-LOOPDEV="$(losetup --find)"
 # would be sad about non-binary megabytes too
 ROOTFS="$WORKDIR/chroot"
 BOOTFS=
@@ -204,7 +203,8 @@ trap exit_handler EXIT ERR
 rm -f -- "$IMG"
 OFFSET="$(($CUR_BOUNDARY + $EFIPARTSIZEM + $BOOTLOADERPARTSIZEM + $BOOTSIZEM + $ROOTSIZEM - 1))"
 dd if=/dev/zero of="$IMG" conv=notrunc bs=$MB count=1 seek="$OFFSET"
-losetup "$LOOPDEV" "$IMG"
+losetup -f "$IMG"
+LOOPDEV=$(losetup -j "$IMG" | cut -f 1 -d ':')
 parting mklabel "$PARTTABLE"
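Review bot: In the second hunk the device name is still looked up in a separate step from the attach. `losetup -j "$IMG"` prints every loop device associated with that path, so `LOOPDEV` could end up holding several lines if an older attachment is still around. It could also end up empty if `losetup -f` failed, since the pipeline's status is that of `cut`. A single call, `LOOPDEV="$(losetup --find --show "$IMG")"`, attaches the image and reports the assigned device in one step. A guard such as `[ -b "$LOOPDEV" ] || exit 1` before `parting mklabel` would keep the partitioning steps from running against an empty or unintended block device. Whether the `ERR` trap already aborts on a failed `losetup` depends on `exit_handler`, which is defined outside this hunk.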