#4489: Use dir_fd in rmdir in _rmtree_safe_fd()

Now that rmdir supports dir_fd, we also use it. Attackers can't even delete
empty directories anymore.

diff --git a/Lib/shutil.py b/Lib/shutil.py
index da5a98e6bbbc7bc22faad7e224a4f83793896367..99e4017d860da229ab291831fe945a120a3503eb 100644 (file)
--- a/Lib/shutil.py
+++ b/Lib/shutil.py
@@ -393,6 +393,10 @@ def _rmtree_safe_fd(topfd, path, onerror):
                 try:
                     if os.path.samestat(orig_st, os.fstat(dirfd)):
                         _rmtree_safe_fd(dirfd, fullname, onerror)
+                        try:
+                            os.rmdir(name, dir_fd=topfd)
+                        except os.error:
+                            onerror(os.rmdir, fullname, sys.exc_info())
                 finally:
                     os.close(dirfd)
         else:
@@ -400,10 +404,6 @@ def _rmtree_safe_fd(topfd, path, onerror):
                 os.unlink(name, dir_fd=topfd)
             except os.error:
                 onerror(os.unlink, fullname, sys.exc_info())
-    try:
-        os.rmdir(path)
-    except os.error:
-        onerror(os.rmdir, path, sys.exc_info())
 
 _use_fd_functions = (os.unlink in os.supports_dir_fd and
                      os.open in os.supports_dir_fd)
@@ -445,6 +445,10 @@ def rmtree(path, ignore_errors=False, onerror=None):
             if (stat.S_ISDIR(orig_st.st_mode) and
                 os.path.samestat(orig_st, os.fstat(fd))):
                 _rmtree_safe_fd(fd, path, onerror)
+                try:
+                    os.rmdir(path)
+                except os.error:
+                    onerror(os.rmdir, path, sys.exc_info())
             else:
                 raise NotADirectoryError(20,
                                          "Not a directory: '{}'".format(path))