fstat() of opened fd, rather than stat(), to avoid TOCTOU

ok jsg

diff --git a/usr.sbin/mkuboot/mkuboot.c b/usr.sbin/mkuboot/mkuboot.c
index 8ecb79d..6f5cd69 100644 (file)
--- a/usr.sbin/mkuboot/mkuboot.c
+++ b/usr.sbin/mkuboot/mkuboot.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: mkuboot.c,v 1.4 2014/05/18 21:18:07 miod Exp $        */
+/*     $OpenBSD: mkuboot.c,v 1.5 2015/10/12 05:54:18 deraadt Exp $     */
 
 /*
  * Copyright (c) 2008 Mark Kettenis
@@ -223,15 +223,13 @@ main(int argc, char *argv[])
        ifd = open(iname, O_RDONLY);
        if (ifd < 0)
                err(1, "%s", iname);
+       if (fstat(ifd, &sb) == -1)
+               err(1, "%s", iname);
 
        ofd = open(oname, O_RDWR | O_TRUNC | O_CREAT, 0644);
        if (ofd < 0)
                err(1, "%s", oname);
 
-       if (stat(iname, &sb) == -1) {
-               err(1, "%s", oname);
-       }
-
        /* Write initial header. */
        if (write(ofd, &ih, sizeof ih) != sizeof ih)
                err(1, "%s", oname);