| 1 |
commit: 982ea6b9dcea2a86d3772c99cff9ada0c400bf29 |
| 2 |
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sun Jan 26 19:30:45 2020 +0000 |
| 4 |
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Jan 26 19:30:45 2020 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/portage-utils.git/commit/?id=982ea6b9 |
| 7 |
|
| 8 |
libq/xpak: fix Coverity 125939 Time of check time of use |
| 9 |
|
| 10 |
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org> |
| 11 |
|
| 12 |
libq/xpak.c | 38 +++++++++++++++++++++++--------------- |
| 13 |
1 file changed, 23 insertions(+), 15 deletions(-) |
| 14 |
|
| 15 |
diff --git a/libq/xpak.c b/libq/xpak.c |
| 16 |
index 90a3570..59c541d 100644 |
| 17 |
--- a/libq/xpak.c |
| 18 |
+++ b/libq/xpak.c |
| 19 |
@@ -223,7 +223,7 @@ xpak_process( |
| 20 |
|
| 21 |
static void |
| 22 |
_xpak_add_file( |
| 23 |
- int dir_fd, |
| 24 |
+ int fd, |
| 25 |
const char *filename, |
| 26 |
struct stat *st, |
| 27 |
FILE *findex, |
| 28 |
@@ -236,7 +236,7 @@ _xpak_add_file( |
| 29 |
unsigned char intbuf[4]; |
| 30 |
unsigned char *p = intbuf; |
| 31 |
const char *basefile; |
| 32 |
- int fd, in_len; |
| 33 |
+ int in_len; |
| 34 |
|
| 35 |
basefile = basename(filename); |
| 36 |
|
| 37 |
@@ -259,28 +259,24 @@ _xpak_add_file( |
| 38 |
|
| 39 |
/* now open the file, get (data_len), |
| 40 |
* and append the file to the data file */ |
| 41 |
- fd = openat(dir_fd, filename, O_RDONLY|O_CLOEXEC); |
| 42 |
- if (fd < 0) { |
| 43 |
- open_fail: |
| 44 |
+ if ((fin = fdopen(fd, "r")) == NULL) { |
| 45 |
warnp("could not open for reading: %s", filename); |
| 46 |
- fake_data_len: |
| 47 |
WRITE_BE_INT32(p, 0); |
| 48 |
fwrite(p, 1, 4, findex); |
| 49 |
return; |
| 50 |
} |
| 51 |
- fin = fdopen(fd, "r"); |
| 52 |
- if (!fin) { |
| 53 |
- close(fd); |
| 54 |
- goto open_fail; |
| 55 |
- } |
| 56 |
+ |
| 57 |
in_len = st->st_size; |
| 58 |
/* the xpak format can only store files whose size is a 32bit int |
| 59 |
* so we have to make sure we don't store a big file */ |
| 60 |
if (in_len != st->st_size) { |
| 61 |
warnf("File is too big: %zu", (size_t)st->st_size); |
| 62 |
fclose(fin); |
| 63 |
- goto fake_data_len; |
| 64 |
+ WRITE_BE_INT32(p, 0); |
| 65 |
+ fwrite(p, 1, 4, findex); |
| 66 |
+ return; |
| 67 |
} |
| 68 |
+ |
| 69 |
WRITE_BE_INT32(p, in_len); |
| 70 |
fwrite(p, 1, 4, findex); |
| 71 |
copy_file(fin, fdata); |
| 72 |
@@ -333,6 +329,8 @@ xpak_create( |
| 73 |
|
| 74 |
index_len = data_len = 0; |
| 75 |
for (i = 0; i < argc; ++i) { |
| 76 |
+ int fd; |
| 77 |
+ |
| 78 |
if (fstatat(dir_fd, argv[i], &st, 0)) { |
| 79 |
warnp("fstatat(%s) failed", argv[i]); |
| 80 |
continue; |
| 81 |
@@ -344,22 +342,32 @@ xpak_create( |
| 82 |
for (fidx = 0; fidx < numfiles; ++fidx) { |
| 83 |
int ret = snprintf(path, sizeof(path), "%s/%s", |
| 84 |
argv[i], dir[fidx]->d_name); |
| 85 |
+ |
| 86 |
if (ret < 0 || (size_t)ret >= sizeof(path)) { |
| 87 |
warn("skipping path too long: %s/%s", |
| 88 |
argv[i], dir[fidx]->d_name); |
| 89 |
continue; |
| 90 |
} |
| 91 |
- if (stat(path, &st) < 0) { |
| 92 |
+ |
| 93 |
+ fd = openat(dir_fd, path, O_RDONLY|O_CLOEXEC); |
| 94 |
+ if (fd < 0 || fstat(fd, &st) < 0) { |
| 95 |
warnp("could not read %s", path); |
| 96 |
continue; |
| 97 |
} |
| 98 |
- _xpak_add_file(dir_fd, path, &st, |
| 99 |
+ _xpak_add_file(fd, path, &st, |
| 100 |
findex, &index_len, fdata, &data_len, verbose); |
| 101 |
+ close(fd); |
| 102 |
} |
| 103 |
scandir_free(dir, numfiles); |
| 104 |
} else if (S_ISREG(st.st_mode)) { |
| 105 |
- _xpak_add_file(dir_fd, argv[i], &st, |
| 106 |
+ fd = openat(dir_fd, argv[i], O_RDONLY|O_CLOEXEC); |
| 107 |
+ if (fd < 0 || fstat(fd, &st) < 0) { |
| 108 |
+ warnp("could not read %s", path); |
| 109 |
+ continue; |
| 110 |
+ } |
| 111 |
+ _xpak_add_file(fd, argv[i], &st, |
| 112 |
findex, &index_len, fdata, &data_len, verbose); |
| 113 |
+ close(fd); |
| 114 |
} else |
| 115 |
warn("Skipping non file/directory '%s'", argv[i]); |
| 116 |
} |
Archives