diff options
author | Patrick Georgi <pgeorgi@google.com> | 2019-09-20 22:03:58 +0200 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-09-26 15:30:19 +0000 |
commit | 8a966458f50afb2af475a9cb24fb817ac0383dfb (patch) | |
tree | 93946187c164c6053bf655e7d1b0e4c84b3dfcb8 /host | |
parent | 14c01ac6c6e80b37e38c8b34d07e8501084ba2a8 (diff) | |
download | vboot-8a966458f50afb2af475a9cb24fb817ac0383dfb.tar.gz |
crossystem: avoid TOCTOU issue
Found by Coverity Scan #57203
BUG=none
BRANCH=none
TEST=none
Change-Id: Ic04d1c7c3299ee5f779e7a8cf0359a8a1a751b5b
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1815240
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
Diffstat (limited to 'host')
-rw-r--r-- | host/arch/x86/lib/crossystem_arch.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/host/arch/x86/lib/crossystem_arch.c b/host/arch/x86/lib/crossystem_arch.c index 25d7a325..31510647 100644 --- a/host/arch/x86/lib/crossystem_arch.c +++ b/host/arch/x86/lib/crossystem_arch.c @@ -6,6 +6,7 @@ #include <ctype.h> #include <dirent.h> #include <errno.h> +#include <fcntl.h> #include <linux/nvram.h> #include <stddef.h> #include <stdint.h> @@ -239,11 +240,15 @@ static uint8_t* VbGetBuffer(const char* filename, int* buffer_size) int rv, i, real_size; int parsed_size = 0; - rv = stat(filename, &fs); + int fd = open(filename, O_RDONLY); + if (fd == -1) + break; + + rv = fstat(fd, &fs); if (rv || !S_ISREG(fs.st_mode)) break; - f = fopen(filename, "r"); + f = fdopen(fd, "r"); if (!f) break; |