Backport of the following upstream commit:
From bd0127daaaae009ade053718f7d2f297aee4acaf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 23 Nov 2021 16:56:42 +0100
Subject: [PATCH 2/3] shared/rm_rf: refactor rm_rf() to shorten code a bit

CVE: CVE-2021-3997
Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz]
Signed-off-by: Purushottam Choudhary <Purushottam.Choudhary@kpit.com>
---
 src/basic/rm-rf.c | 53 ++++++++++++++++++++--------------------------
 1 file changed, 23 insertions(+), 30 deletions(-)

--- a/src/basic/rm-rf.c
+++ b/src/basic/rm-rf.c
@@ -159,7 +159,7 @@
 }
 
 int rm_rf(const char *path, RemoveFlags flags) {
-        int fd, r;
+        int fd, r, q = 0;
 
         assert(path);
 
@@ -191,49 +191,47 @@
         }
 
         fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
-        if (fd < 0) {
+        if (fd >= 0) {
+                /* We have a dir */
+                r = rm_rf_children(fd, flags, NULL);
+
+                if (FLAGS_SET(flags, REMOVE_ROOT)) {
+                        q = rmdir(path);
+                        if (q < 0)
+                                q = -errno;
+                }
+        } else {
                 if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT)
                         return 0;
 
                 if (!IN_SET(errno, ENOTDIR, ELOOP))
                         return -errno;
 
-                if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES))
+                if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES) || !FLAGS_SET(flags, REMOVE_ROOT))
                         return 0;
 
-                if (FLAGS_SET(flags, REMOVE_ROOT)) {
-
-                        if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
-                                struct statfs s;
-
-                                if (statfs(path, &s) < 0)
-                                        return -errno;
-                                if (is_physical_fs(&s))
-                                        return log_error_errno(SYNTHETIC_ERRNO(EPERM),
-                                                               "Attempted to remove files from a disk file system under \"%s\", refusing.",
-                                                               path);
-                        }
-
-                        if (unlink(path) < 0) {
-                                if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT)
-                                        return 0;
+                if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
+                        struct statfs s;
 
+                        if (statfs(path, &s) < 0)
                                 return -errno;
-                        }
+                        if (is_physical_fs(&s))
+                                return log_error_errno(SYNTHETIC_ERRNO(EPERM),
+                                                       "Attempted to remove files from a disk file system under \"%s\", refusing.",
+                                                       path);
                 }
 
-                return 0;
+                r = 0;
+                q = unlink(path);
+                if (q < 0)
+                        q = -errno;
         }
 
-        r = rm_rf_children(fd, flags, NULL);
-
-        if (FLAGS_SET(flags, REMOVE_ROOT) &&
-            rmdir(path) < 0 &&
-            r >= 0 &&
-            (!FLAGS_SET(flags, REMOVE_MISSING_OK) || errno != ENOENT))
-                r = -errno;
-
-        return r;
+        if (r < 0)
+                return r;
+        if (q < 0 && (q != -ENOENT || !FLAGS_SET(flags, REMOVE_MISSING_OK)))
+                return q;
+        return 0;
 }
 
 int rm_rf_child(int fd, const char *name, RemoveFlags flags) {