From cfeedadfbde084e25ace99a370f3f417b78f5df7 Mon Sep 17 00:00:00 2001
From: Warner Losh
Date: Mon, 12 Feb 2024 11:45:20 -0700
Subject: [PATCH] reboot: Add sanity checking of write to nextboot.conf
Add sanity checking to the write to nextboot. Move to separate function and allow force to override all errors. If we can't write nextboot.conf, don't silently fail anymore.
Sponsored by: Netflix
Reviewed by: kevans, kib, markj, jhb
Differential Revision: https://reviews.freebsd.org/D43803
---
 sbin/reboot/reboot.c | 47 ++++++++++++++++++++++++++++++++++----------
 1 file changed, 37 insertions(+), 10 deletions(-)
diff --git a/sbin/reboot/reboot.c b/sbin/reboot/reboot.c
index 4eb5e859058..74f8cf01b3b 100644
--- a/sbin/reboot/reboot.c
+++ b/sbin/reboot/reboot.c
@@ -49,17 +49,52 @@
 #include
 #include
+#define PATH_NEXTBOOT "/boot/nextboot.conf"
+
 static void usage(void) __dead2;
 static uint64_t get_pageins(void);
 static bool dohalt;
+static void
+write_nextboot(const char *fn, const char *kernel, bool force)
+{
+ FILE *fp;
+
+#define E(...) do { \
+ if (force) { \
+ warn( __VA_ARGS__ ); \
+ return; \
+ } \
+ err(1, __VA_ARGS__); \
+ } while (0) \
+
+ fp = fopen(fn, "w");
+ if (fp == NULL)
+ E("Can't create %s to boot %s", fn, kernel);
+
+ if (fprintf(fp,
+ "nextboot_enable=\"YES\"\n"
+ "kernel=\"%s\"\n", kernel) < 0) {
+ int e;
+
+ e = errno;
+ fclose(fp);
+ if (unlink(fn))
+ warn("unlink %s", fn);
+ errno = e;
+ E("Can't write %s", fn);
+ }
+ fclose(fp);
+#undef E
+}
+
 int
 main(int argc, char *argv[])
 {
 struct utmpx utx;
 const struct passwd *pw;
- int ch, howto, i, fd, sverrno;
+ int ch, howto, i, sverrno;
 bool fflag, lflag, nflag, qflag, Nflag;
 uint64_t pageins;
 const char *user, *kernel = NULL;
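Review bot: In write_nextboot() a failed write can still go unreported, because the final `fclose(fp);` discards its return value and a short fprintf() normally only lands in the stdio buffer, so an error such as a full /boot would surface at flush time rather than in the `< 0` check. Flushing inside the existing condition keeps the unlink cleanup on that path, e.g. ending it with `kernel) < 0 || fflush(fp) != 0) {`, and the last call could become `if (fclose(fp) != 0) E("Can't write %s", fn);`. As a smaller style point, the `E` macro's last line ends in a stray `\` after `while (0)`, which is only harmless because the next line is blank.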
@@ -147,15 +182,7 @@ main(int argc, char *argv[])
 errx(1, "%s is not a file", k);
 free(k);
 }
- fd = open("/boot/nextboot.conf", O_WRONLY | O_CREAT | O_TRUNC,
- 0444);
- if (fd > -1) {
- (void)write(fd, "nextboot_enable=\"YES\"\n", 22);
- (void)write(fd, "kernel=\"", 8L);
- (void)write(fd, kernel, strlen(kernel));
- (void)write(fd, "\"\n", 2);
- close(fd);
- }
+ write_nextboot(PATH_NEXTBOOT, kernel, fflag);
 }
 /* Log the reboot. */
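Review bot: The creation mode of the file is no longer pinned by this replacement: the removed `open()` passed `0444`, while `fopen(fn, "w")` in write_nextboot() creates the file with 0666 masked by the caller's umask, so a permissive umask would leave a boot-time configuration file writable by other users. If that change is not intended, an explicit `fchmod(fileno(fp), 0444)` right after the successful fopen() would restore the old behaviour. Separately, `kernel` is written between double quotes unescaped, and the visible check before this call only confirms that the path is a file, so it seems worth rejecting names that contain `"` or a newline before calling write_nextboot(). main()'s body continues past the end of this hunk.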