From 147f0a7e02b16fe4d28e73c20919d9ad5af9617f Mon Sep 17 00:00:00 2001
From: Mike Brown <brownwm@us.ibm.com>
Date: Thu, 14 Apr 2022 01:25:30 +0000
Subject: [PATCH] check for duplicate nspath possibilities

Signed-off-by: Mike Brown <brownwm@us.ibm.com>
---
 pkg/netns/netns_linux.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/pkg/netns/netns_linux.go b/pkg/netns/netns_linux.go
index 71e9a3b63..09b5c9791 100644
--- a/pkg/netns/netns_linux.go
+++ b/pkg/netns/netns_linux.go
@@ -52,7 +52,9 @@ import (
 // path to the network namespace.
 func newNS(baseDir string) (nsPath string, err error) {
 	b := make([]byte, 16)
-	if _, err := rand.Reader.Read(b); err != nil {
+
+	_, err = rand.Read(b)
+	if err != nil {
 		return "", fmt.Errorf("failed to generate random netns name: %w", err)
 	}
 
@@ -63,10 +65,10 @@ func newNS(baseDir string) (nsPath string, err error) {
 		return "", err
 	}
 
-	// create an empty file at the mount point
+	// create an empty file at the mount point and fail if it already exists
 	nsName := fmt.Sprintf("cni-%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:])
 	nsPath = path.Join(baseDir, nsName)
-	mountPointFd, err := os.Create(nsPath)
+	mountPointFd, err := os.OpenFile(nsPath, os.O_RDWR|os.O_CREATE|os.O_EXCL, 0666)
 	if err != nil {
 		return "", err
 	}