From: deraadt <deraadt@openbsd.org>
Date: Mon, 12 Oct 2015 05:54:18 +0000 (+0000)
Subject: fstat() of opened fd, rather than stat(), to avoid TOCTOU
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=b154e2c0a99bad776cb43391283323adbae0c908;p=openbsd

fstat() of opened fd, rather than stat(), to avoid TOCTOU
ok jsg
---

diff --git a/usr.sbin/mkuboot/mkuboot.c b/usr.sbin/mkuboot/mkuboot.c
index 8ecb79dd790..6f5cd69f4ca 100644
--- a/usr.sbin/mkuboot/mkuboot.c
+++ b/usr.sbin/mkuboot/mkuboot.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: mkuboot.c,v 1.4 2014/05/18 21:18:07 miod Exp $	*/
+/*	$OpenBSD: mkuboot.c,v 1.5 2015/10/12 05:54:18 deraadt Exp $	*/
 
 /*
  * Copyright (c) 2008 Mark Kettenis
@@ -223,15 +223,13 @@ main(int argc, char *argv[])
 	ifd = open(iname, O_RDONLY);
 	if (ifd < 0)
 		err(1, "%s", iname);
+	if (fstat(ifd, &sb) == -1)
+		err(1, "%s", iname);
 
 	ofd = open(oname, O_RDWR | O_TRUNC | O_CREAT, 0644);
 	if (ofd < 0)
 		err(1, "%s", oname);
 
-	if (stat(iname, &sb) == -1) {
-		err(1, "%s", oname);
-	}
-
 	/* Write initial header. */
 	if (write(ofd, &ih, sizeof ih) != sizeof ih)
 		err(1, "%s", oname);