From 2739db981023373a2ddabc7b456c7e658bb4f582 Mon Sep 17 00:00:00 2001
From: Lasse Collin <lasse.collin@tukaani.org>
Date: Mon, 8 Apr 2024 17:07:08 +0300
Subject: [PATCH] xzdec: Tweak coding style and comments.

---
 src/xzdec/xzdec.c | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)

diff --git a/src/xzdec/xzdec.c b/src/xzdec/xzdec.c
index ef8c80f3..adfa17e8 100644
--- a/src/xzdec/xzdec.c
+++ b/src/xzdec/xzdec.c
@@ -313,10 +313,12 @@ sandbox_enter(int src_fd)
 			STDIN_FILENO, cap_rights_clear(&rights)))
 		goto error;
 
-	if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights, CAP_WRITE)))
+	if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights,
+			CAP_WRITE)))
 		goto error;
 
-	if (cap_rights_limit(STDERR_FILENO, cap_rights_init(&rights, CAP_WRITE)))
+	if (cap_rights_limit(STDERR_FILENO, cap_rights_init(&rights,
+			CAP_WRITE)))
 		goto error;
 
 #elif defined(HAVE_PLEDGE)
@@ -325,6 +327,7 @@ sandbox_enter(int src_fd)
 		goto error;
 
 	(void)src_fd;
+
 #elif defined(HAVE_LINUX_LANDLOCK)
 	int landlock_abi = syscall(SYS_landlock_create_ruleset,
 			(void *)NULL, 0, LANDLOCK_CREATE_RULESET_VERSION);
@@ -351,6 +354,7 @@ sandbox_enter(int src_fd)
 	}
 
 	(void)src_fd;
+
 #else
 #	error ENABLE_SANDBOX is defined but no sandboxing method was found.
 #endif
@@ -367,6 +371,7 @@ error:
 	if (errno == ENOSYS)
 		return;
 #endif
+
 	my_errorf("Failed to enable the sandbox");
 	exit(EXIT_FAILURE);
 }
@@ -390,8 +395,14 @@ main(int argc, char **argv)
 #endif
 
 #ifdef HAVE_LINUX_LANDLOCK
-	// Prevent the process from gaining new privileges. The return
-	// is ignored to keep compatibility with old kernels.
+	// Prevent the process from gaining new privileges. This must be done
+	// before landlock_restrict_self(2) but since we will never need new
+	// privileges, this call can be done here already.
+	//
+	// This is supported since Linux 3.5. Ignore the return value to
+	// keep compatibility with old kernels. landlock_restrict_self(2)
+	// will fail if the no_new_privs attribute isn't set, thus if prctl()
+	// fails here the error will still be detected when it matters.
 	(void)prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
 #endif
 
@@ -438,19 +449,18 @@ main(int argc, char **argv)
 				}
 			}
 #ifdef ENABLE_SANDBOX
-			// Enable the sandbox for the last file. When the
-			// strict sandbox is enabled the process can no
-			// longer open additional files. It is likely that
-			// the most common way to use xzdec is to
-			// decompress a single file, so this fully protects
-			// most use cases.
+			// Enable the strict sandbox for the last file.
+			// Then the process can no longer open additional
+			// files. The typical xzdec use case is to decompress
+			// a single file so this way the strictest sandboxing
+			// is used in most cases.
 			if (optind == argc - 1)
 				sandbox_enter(fileno(src_file));
 #endif
 			uncompress(&strm, src_file, src_name);
 
 			if (src_file != stdin)
-				fclose(src_file);
+				(void)fclose(src_file);
 		} while (++optind < argc);
 	}