author | Claudio Jeker <claudio@cvs.openbsd.org> | 2021-03-19 09:44:00 +0000 |
---|---|---|
committer | Claudio Jeker <claudio@cvs.openbsd.org> | 2021-03-19 09:44:00 +0000 |
commit | a3490d43faeced6a50321826af4c95ead036e804 (patch) | |
tree | adde495c66909a751a39d7e84603f331d0458588 /usr.sbin/rpki-client/main.c | |
parent | f7925e13860ddaaebed07182a46fa3ef8d83add6 (diff) |
Delay chdir to the cache directory to after parsing the tal files.
Using the -t option relative locations can be passed as tal locations
and so the process can not chdir until these files were read.
OK job@
Diffstat (limited to 'usr.sbin/rpki-client/main.c')
-rw-r--r-- | usr.sbin/rpki-client/main.c | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c
index 07be2038cb6..d586b11cb9c 100644
--- a/usr.sbin/rpki-client/main.c
+++ b/usr.sbin/rpki-client/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.120 2021/03/18 14:05:44 claudio Exp $ */
+/* $OpenBSD: main.c,v 1.121 2021/03/19 09:43:59 claudio Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 *
@@ -962,10 +962,6 @@ main(int argc, char *argv[])
 if (talsz == 0)
 err(1, "no TAL files found in %s", "/etc/rpki");
- /* change working directory to the cache directory */
- if (fchdir(cachefd) == -1)
- err(1, "fchdir");
-
 /*
 * Create the file reader as a jailed child process.
 * It will be responsible for reading all of the files (ROAs,
@@ -980,6 +976,10 @@ main(int argc, char *argv[])
 if (procpid == 0) {
 close(fd[1]);
+ /* change working directory to the cache directory */
+ if (fchdir(cachefd) == -1)
+ err(1, "fchdir");
+
 /* Only allow access to the cache directory. */
 if (unveil(".", "r") == -1)
 err(1, "%s: unveil", cachedir);
@@ -1009,6 +1009,10 @@ main(int argc, char *argv[])
 close(proc);
 close(fd[1]);
+ /* change working directory to the cache directory */
+ if (fchdir(cachefd) == -1)
+ err(1, "fchdir");
+
 if (pledge("stdio rpath proc exec unveil", NULL) == -1)
 err(1, "pledge");
@@ -1087,6 +1091,10 @@ main(int argc, char *argv[])
 for (i = 0; i < talsz; i++)
 queue_add_tal(tals[i]);
+ /* change working directory to the cache directory */
+ if (fchdir(cachefd) == -1)
+ err(1, "fchdir");
+
 while (entity_queue > 0 && !killme) {
 pfd[0].events = POLLIN;
 if (rsyncq.queued) |
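Review bot: The `err(1, "fchdir")` added in the hunk at `@@ -980,6 +976,10 @@` does not name the directory that could not be entered, while the unveil check directly below it reports `cachedir`. Because `unveil(".", "r")` takes its meaning from whatever directory this call selected, a failure here is worth making as specific as the unveil one: `err(1, "%s: fchdir", cachedir);`. The same bare message is added in the hunks at `+1009,10` and `+1091,10`, where `cachedir` is presumably also in scope since all three sit in main(). main() begins and ends outside these hunks.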
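Review bot: The comment added before the parent's `fchdir` in the hunk at `@@ -1087,6 +1091,10 @@` restates the call but not the ordering constraint that motivates the commit: TAL locations given with -t may be relative, so the working directory must not change until they have been read. Without that recorded at the call site, a later cleanup could merge the three copies back into one call ahead of the fork and silently break relative -t paths. A comment such as `/* chdir only now: -t may name TAL files relative to the startup directory */` would carry the reason. Whether `queue_add_tal()` is the last user of those paths is not visible in the hunk, so the wording should be checked against it.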