From: Petr Štetiar
Date: Wed, 31 Jul 2019 12:07:11 +0000 (+0200)
Subject: firmware-utils: uimage_padhdr: fix Coverity issue
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=2fc7a2712f44de68b0fade4badb07ce9ea07ed16;p=project%2Ffirmware-utils.git

firmware-utils: uimage_padhdr: fix Coverity issue

Fixes following issue reported by Coverity scan:

*** CID 1452085: Security best practices violations (TOCTOU)
/tools/firmware-utils/src/uimage_padhdr.c: 100 in main()
94
95 if (!infname || !outfname) {
96 usage(argv[0]);
97 exit(1);
98 }
99
>>> CID 1452085: Security best practices violations (TOCTOU)
>>> Calling function "stat" to perform check on "infname".
100 if (stat(infname, &statbuf) < 0) {

Fixes: a1c6a316d299 ("ramips: add support for Fon FON2601")
Signed-off-by: Petr Štetiar
---

diff --git a/src/uimage_padhdr.c b/src/uimage_padhdr.c
index b5fb97d..d1a1efb 100644
--- a/src/uimage_padhdr.c
+++ b/src/uimage_padhdr.c
@@ -97,18 +97,6 @@ int main(int argc, char *argv[])
 exit(1);
 }
 
- if (stat(infname, &statbuf) < 0) {
- fprintf(stderr,
- "could not find input file. (errno = %d)\n", errno);
- exit(1);
- }
-
- filebuf = malloc(statbuf.st_size + padsz);
- if (!filebuf) {
- fprintf(stderr, "buffer allocation failed\n");
- exit(1);
- }
-
 ifd = open(infname, O_RDONLY);
 if (ifd < 0) {
 fprintf(stderr,
@@ -123,6 +111,18 @@ int main(int argc, char *argv[])
 exit(1);
 }
 
+ if (fstat(ifd, &statbuf) < 0) {
+ fprintf(stderr,
+ "could not fstat input file. (errno = %d)\n", errno);
+ exit(1);
+ }
+
+ filebuf = malloc(statbuf.st_size + padsz);
+ if (!filebuf) {
+ fprintf(stderr, "buffer allocation failed\n");
+ exit(1);
+ }
+
 rsz = read(ifd, filebuf, sizeof(*imgh));
 if (rsz != sizeof(*imgh)) {
 fprintf(stderr,
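Review bot: The moved `filebuf = malloc(statbuf.st_size + padsz);` in the second hunk still sizes the buffer from `st_size` without checking that the descriptor refers to a regular file, so for a FIFO, device or directory `st_size` is not a byte count and the buffer that the following `read(ifd, filebuf, sizeof(*imgh))` fills may be smaller than a header; add `if (!S_ISREG(statbuf.st_mode)) { fprintf(stderr, "input is not a regular file\n"); exit(1); }` right after the fstat check. The sum `statbuf.st_size + padsz` is also unchecked: `st_size` is a signed `off_t`, and the type of `padsz` is not visible in this hunk, so depending on that type a large file could wrap the allocation size before `malloc` sees it; a guard comparing `st_size` against `SIZE_MAX - padsz` (with `padsz` converted to `size_t`) would make the size computation safe. Switching from `stat` to `fstat` on the open descriptor does close the TOCTOU window that Coverity flagged. The body of `main` continues outside both hunks.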