Fixed TOCTOU for config file

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2024-10-12 14:42:28 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2024-10-16 13:03:41 +0200
commit: 937779e26bc425592e636e44abe429d51a579c83 (patch)
tree: 03857c41c1874e08ab0c69e10036c214b9c35540 /utils.c
parent: cb889b652641fb3041acd01d9939a3016ddf927a (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/utils.c b/utils.c
index cbbf27187..2e55cec82 100644
--- a/utils.c
+++ b/utils.c
@@ -703,11 +703,17 @@ static int parse_config_lines(FILE * const file, config_line_callback cb, void *
 
 int parse_config_file(char const * const config_file, config_line_callback cb, void * const user_data)
 {
+    int file_fd;
     FILE * file;
     int error;
     struct stat sbuf;
 
-    if (stat(config_file, &sbuf) != 0)
+    file_fd = open(config_file, O_RDONLY);
+    if (file_fd < 0)
+    {
+        return -1;
+    }
+    if (fstat(file_fd, &sbuf) != 0)
     {
         return -1;
     }
@@ -716,7 +722,7 @@ int parse_config_file(char const * const config_file, config_line_callback cb, v
         return -ENOENT;
     }
 
-    file = fopen(config_file, "r");
+    file = fdopen(file_fd, "r");
     if (file == NULL)
     {
         return -1;
author	Toni Uhlig <matzeton@googlemail.com>	2024-10-12 14:42:28 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2024-10-16 13:03:41 +0200
commit	937779e26bc425592e636e44abe429d51a579c83 (patch)
tree	03857c41c1874e08ab0c69e10036c214b9c35540 /utils.c
parent	cb889b652641fb3041acd01d9939a3016ddf927a (diff)