@@ -246,23 +246,23 @@ static void read_config_file(int conf_dirfd, const char *name)
ssize_t len;
struct stat buf;
- if (fstatat(conf_dirfd, name, &buf, 0)) {
- fprintf(stderr, PFX "Warning: couldn't stat config file '%s/%s'.\n",
+ fd = openat(conf_dirfd, name, O_RDONLY | O_CLOEXEC);
+ if (fd == -1) {
+ fprintf(stderr, PFX "Warning: couldn't read config file '%s/%s'.\n",
IBV_CONFIG_DIR, name);
return;
}
- if (!S_ISREG(buf.st_mode)) {
- fprintf(stderr, PFX "Warning: invalid config file '%s/%s'.\n",
+ if (fstat(fd, &buf)) {
+ fprintf(stderr, PFX "Warning: couldn't stat config file '%s/%s'.\n",
IBV_CONFIG_DIR, name);
- return;
+ goto out;
}
- fd = openat(conf_dirfd, name, O_RDONLY | O_CLOEXEC);
- if (fd == -1) {
- fprintf(stderr, PFX "Warning: couldn't read config file '%s/%s'.\n",
+ if (!S_ISREG(buf.st_mode)) {
+ fprintf(stderr, PFX "Warning: invalid config file '%s/%s'.\n",
IBV_CONFIG_DIR, name);
- return;
+ goto out;
}
conf = fdopen(fd, "r" STREAM_CLOEXEC);
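Review bot: Moving `openat()` ahead of the type check means the open itself now runs on whatever the name resolves to, so a FIFO in the config directory would block the `O_RDONLY` open until a writer appears, and a device node is opened before `S_ISREG` rejects it. Adding non-blocking and no-controlling-tty flags keeps the fstat-on-descriptor fix while making the open safe for non-regular files: `fd = openat(conf_dirfd, name, O_RDONLY | O_CLOEXEC | O_NONBLOCK | O_NOCTTY);`. The `out:` label reached by the new `goto out;` lines is outside this hunk, so confirm that it closes `fd` on these paths and that a failed `fdopen()` does not leak the descriptor. The directory is presumably writable only by an administrator, which limits the exposure, but the check is cheap.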
Use fstat() to check the parameters of the opened file instead of checking the path. This is a basic Time-Of-Check / Time-Of-Use (TOCTOU) issue. Weakness addressed: - CWE-363: Race Condition Enabling Link Following <http://cwe.mitre.org/data/definitions/363.html> - CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition <http://cwe.mitre.org/data/definitions/367.html> Secure coding: - FIO01-C. Be careful using functions that use file names for identification <https://www.securecoding.cert.org/confluence/display/seccode/FIO01-C.+Be+careful+using+functions+that+use+file+names+for+identification> Signed-off-by: Yann Droneaud <ydroneaud@opteya.com> --- src/init.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-)