From 8a966458f50afb2af475a9cb24fb817ac0383dfb Mon Sep 17 00:00:00 2001
From: Patrick Georgi <pgeorgi@google.com>
Date: Fri, 20 Sep 2019 22:03:58 +0200
Subject: crossystem: avoid TOCTOU issue

Found by Coverity Scan #57203

BUG=none
BRANCH=none
TEST=none

Change-Id: Ic04d1c7c3299ee5f779e7a8cf0359a8a1a751b5b
Signed-off-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1815240
Reviewed-by: Julius Werner <jwerner@chromium.org>
Tested-by: Patrick Georgi <pgeorgi@chromium.org>
Commit-Queue: Patrick Georgi <pgeorgi@chromium.org>
---
 host/arch/x86/lib/crossystem_arch.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'host/arch')

diff --git a/host/arch/x86/lib/crossystem_arch.c b/host/arch/x86/lib/crossystem_arch.c
index 25d7a325..31510647 100644
--- a/host/arch/x86/lib/crossystem_arch.c
+++ b/host/arch/x86/lib/crossystem_arch.c
@@ -6,6 +6,7 @@
 #include <ctype.h>
 #include <dirent.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <linux/nvram.h>
 #include <stddef.h>
 #include <stdint.h>
@@ -239,11 +240,15 @@ static uint8_t* VbGetBuffer(const char* filename, int* buffer_size)
 		int rv, i, real_size;
 		int parsed_size = 0;
 
-		rv = stat(filename, &fs);
+		int fd = open(filename, O_RDONLY);
+		if (fd == -1)
+			break;
+
+		rv = fstat(fd, &fs);
 		if (rv || !S_ISREG(fs.st_mode))
 			break;
 
-		f = fopen(filename, "r");
+		f = fdopen(fd, "r");
 		if (!f)
 			break;
 
-- 
cgit v1.2.1