From: Christian Marangi Date: Mon, 22 Jan 2024 00:13:11 +0000 (+0100) Subject: kmodloader: fix TOCTOU problem with scan_builtin_modules X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=6cf7d837ee7e392ee047aee4f45132f4176b7493;p=project%2Fubox.git kmodloader: fix TOCTOU problem with scan_builtin_modules Fix TOCTOU problem with scan_builtin_modules by opening the file pointer only once in module_folders scan. Fix Coverity Report CID 1586645: Security best practices violations (TOCTOU). Signed-off-by: Christian Marangi
---
diff --git a/kmodloader.c b/kmodloader.c
index 43105b3..3736942 100644
--- a/kmodloader.c
+++ b/kmodloader.c
@@ -502,11 +502,16 @@ static int scan_builtin_modules(void)
 return -1;
 for (p = module_folders; *p; p++) {
 snprintf(path, sizeof(path), "%s%s", *p, MOD_BUILTIN);
- if (!stat(path, &st) && S_ISREG(st.st_mode)) {
- fp = fopen(path, "r");
- if (fp)
- break;
- }
+ fp = fopen(path, "r");
+ if (!fp)
+ continue;
+
+ if (!fstat(fileno(fp), &st) && S_ISREG(st.st_mode))
+ break;
+
+ /* Not regular file, close it and check next */
+ fclose(fp);
+ fp = NULL;
 }
 if (!fp)
 return 0; /* OK if modules.builtin unavailable */
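Review bot: Inside the `for` loop, `fopen(path, "r")` now runs before the file type is known, so a FIFO at that path would block the open (and a device node would be opened) before the `fstat()`/`S_ISREG` check can reject it; the old `stat()`-first order avoided that, at the cost of the race this commit removes. Opening with `open()` and `O_NONBLOCK`, checking with `fstat()` on the descriptor, and only then wrapping it with `fdopen()` keeps the single-open property without that behaviour, as sketched below. How much this matters depends on who can write to the directories in `module_folders`, which the hunk does not show. The sketch needs an `int fd` local and the declarations for `open()`/`close()`, both of which would sit outside this hunk, as does the rest of `scan_builtin_modules`.

```c
		snprintf(path, sizeof(path), "%s%s", *p, MOD_BUILTIN);
		/* O_NONBLOCK: open() must not block if path turns out to be a FIFO */
		fd = open(path, O_RDONLY | O_NONBLOCK);
		if (fd < 0)
			continue;

		if (!fstat(fd, &st) && S_ISREG(st.st_mode)) {
			fp = fdopen(fd, "r");
			if (fp)
				break;
		}

		/* Not a regular file (or fdopen failed), close it and check next */
		close(fd);
		/* … unchanged: end of loop and the !fp check … */
```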