1 |
commit: 982ea6b9dcea2a86d3772c99cff9ada0c400bf29 |
2 |
Author: Fabian Groffen <grobian <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Jan 26 19:30:45 2020 +0000 |
4 |
Commit: Fabian Groffen <grobian <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Jan 26 19:30:45 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/portage-utils.git/commit/?id=982ea6b9 |
7 |
|
8 |
libq/xpak: fix Coverity 125939 Time of check time of use |
9 |
|
10 |
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org> |
11 |
|
12 |
libq/xpak.c | 38 +++++++++++++++++++++++--------------- |
13 |
1 file changed, 23 insertions(+), 15 deletions(-) |
14 |
|
15 |
diff --git a/libq/xpak.c b/libq/xpak.c |
16 |
index 90a3570..59c541d 100644 |
17 |
--- a/libq/xpak.c |
18 |
+++ b/libq/xpak.c |
19 |
@@ -223,7 +223,7 @@ xpak_process( |
20 |
|
21 |
static void |
22 |
_xpak_add_file( |
23 |
- int dir_fd, |
24 |
+ int fd, |
25 |
const char *filename, |
26 |
struct stat *st, |
27 |
FILE *findex, |
28 |
@@ -236,7 +236,7 @@ _xpak_add_file( |
29 |
unsigned char intbuf[4]; |
30 |
unsigned char *p = intbuf; |
31 |
const char *basefile; |
32 |
- int fd, in_len; |
33 |
+ int in_len; |
34 |
|
35 |
basefile = basename(filename); |
36 |
|
37 |
@@ -259,28 +259,24 @@ _xpak_add_file( |
38 |
|
39 |
/* now open the file, get (data_len), |
40 |
* and append the file to the data file */ |
41 |
- fd = openat(dir_fd, filename, O_RDONLY|O_CLOEXEC); |
42 |
- if (fd < 0) { |
43 |
- open_fail: |
44 |
+ if ((fin = fdopen(fd, "r")) == NULL) { |
45 |
warnp("could not open for reading: %s", filename); |
46 |
- fake_data_len: |
47 |
WRITE_BE_INT32(p, 0); |
48 |
fwrite(p, 1, 4, findex); |
49 |
return; |
50 |
} |
51 |
- fin = fdopen(fd, "r"); |
52 |
- if (!fin) { |
53 |
- close(fd); |
54 |
- goto open_fail; |
55 |
- } |
56 |
+ |
57 |
in_len = st->st_size; |
58 |
/* the xpak format can only store files whose size is a 32bit int |
59 |
* so we have to make sure we don't store a big file */ |
60 |
if (in_len != st->st_size) { |
61 |
warnf("File is too big: %zu", (size_t)st->st_size); |
62 |
fclose(fin); |
63 |
- goto fake_data_len; |
64 |
+ WRITE_BE_INT32(p, 0); |
65 |
+ fwrite(p, 1, 4, findex); |
66 |
+ return; |
67 |
} |
68 |
+ |
69 |
WRITE_BE_INT32(p, in_len); |
70 |
fwrite(p, 1, 4, findex); |
71 |
copy_file(fin, fdata); |
72 |
@@ -333,6 +329,8 @@ xpak_create( |
73 |
|
74 |
index_len = data_len = 0; |
75 |
for (i = 0; i < argc; ++i) { |
76 |
+ int fd; |
77 |
+ |
78 |
if (fstatat(dir_fd, argv[i], &st, 0)) { |
79 |
warnp("fstatat(%s) failed", argv[i]); |
80 |
continue; |
81 |
@@ -344,22 +342,32 @@ xpak_create( |
82 |
for (fidx = 0; fidx < numfiles; ++fidx) { |
83 |
int ret = snprintf(path, sizeof(path), "%s/%s", |
84 |
argv[i], dir[fidx]->d_name); |
85 |
+ |
86 |
if (ret < 0 || (size_t)ret >= sizeof(path)) { |
87 |
warn("skipping path too long: %s/%s", |
88 |
argv[i], dir[fidx]->d_name); |
89 |
continue; |
90 |
} |
91 |
- if (stat(path, &st) < 0) { |
92 |
+ |
93 |
+ fd = openat(dir_fd, path, O_RDONLY|O_CLOEXEC); |
94 |
+ if (fd < 0 || fstat(fd, &st) < 0) { |
95 |
warnp("could not read %s", path); |
96 |
continue; |
97 |
} |
98 |
- _xpak_add_file(dir_fd, path, &st, |
99 |
+ _xpak_add_file(fd, path, &st, |
100 |
findex, &index_len, fdata, &data_len, verbose); |
101 |
+ close(fd); |
102 |
} |
103 |
scandir_free(dir, numfiles); |
104 |
} else if (S_ISREG(st.st_mode)) { |
105 |
- _xpak_add_file(dir_fd, argv[i], &st, |
106 |
+ fd = openat(dir_fd, argv[i], O_RDONLY|O_CLOEXEC); |
107 |
+ if (fd < 0 || fstat(fd, &st) < 0) { |
108 |
+ warnp("could not read %s", path); |
109 |
+ continue; |
110 |
+ } |
111 |
+ _xpak_add_file(fd, argv[i], &st, |
112 |
findex, &index_len, fdata, &data_len, verbose); |
113 |
+ close(fd); |
114 |
} else |
115 |
warn("Skipping non file/directory '%s'", argv[i]); |
116 |
} |