authorPetr Štetiar <ynezz@true.cz>2019-07-31 14:07:11 +0200
committerPetr Štetiar <ynezz@true.cz>2019-08-04 22:09:20 +0200
commitea1acaf5a697a3b3e0cd5c778d2c3930d7d6812b (patch)
tree288ff07e63e458517b9a197bb9c2a56e9bfe7d7c
parent6e300f6a0c94812d0f4d8f67df6604c763f7552f (diff)
firmware-utils: uimage_padhdr: fix Coverity issue
Fixes following issue reported by Coverity scan: *** CID 1452085: Security best practices violations (TOCTOU) /tools/firmware-utils/src/uimage_padhdr.c: 100 in main() 94 95 if (!infname || !outfname) { 96 usage(argv[0]); 97 exit(1); 98 } 99 >>> CID 1452085: Security best practices violations (TOCTOU) >>> Calling function "stat" to perform check on "infname". 100 if (stat(infname, &statbuf) < 0) { Fixes: a1c6a316d299 ("ramips: add support for Fon FON2601") Signed-off-by: Petr Štetiar <ynezz@true.cz>
-rw-r--r--tools/firmware-utils/src/uimage_padhdr.c24
1 files changed, 12 insertions, 12 deletions
diff --git a/tools/firmware-utils/src/uimage_padhdr.c b/tools/firmware-utils/src/uimage_padhdr.c
index b5fb97d21f..d1a1efb575 100644
--- a/tools/firmware-utils/src/uimage_padhdr.c
+++ b/tools/firmware-utils/src/uimage_padhdr.c
@@ -97,18 +97,6 @@ int main(int argc, char *argv[])
exit(1);
}
- if (stat(infname, &statbuf) < 0) {
- fprintf(stderr,
- "could not find input file. (errno = %d)\n", errno);
- exit(1);
- }
-
- filebuf = malloc(statbuf.st_size + padsz);
- if (!filebuf) {
- fprintf(stderr, "buffer allocation failed\n");
- exit(1);
- }
-
ifd = open(infname, O_RDONLY);
if (ifd < 0) {
fprintf(stderr,
@@ -123,6 +111,18 @@ int main(int argc, char *argv[])
exit(1);
}
+ if (fstat(ifd, &statbuf) < 0) {
+ fprintf(stderr,
+ "could not fstat input file. (errno = %d)\n", errno);
+ exit(1);
+ }
+
+ filebuf = malloc(statbuf.st_size + padsz);
+ if (!filebuf) {
+ fprintf(stderr, "buffer allocation failed\n");
+ exit(1);
+ }
+
rsz = read(ifd, filebuf, sizeof(*imgh));
if (rsz != sizeof(*imgh)) {
fprintf(stderr,
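Review bot: The size returned by `fstat` is passed straight into `malloc(statbuf.st_size + padsz)` without checking that the input is a regular file at least as large as the image header. For a FIFO or character device `st_size` is typically 0, so if `padsz` is smaller than `sizeof(*imgh)` (its value is set outside this hunk) the following `read(ifd, filebuf, sizeof(*imgh))` can write past the end of the allocation. A guard ahead of the allocation, `if (!S_ISREG(statbuf.st_mode) || statbuf.st_size < (off_t)sizeof(*imgh))` followed by the usual error message and `exit(1)`, would close that. Because `st_size` is a signed `off_t`, the sum with `padsz` also deserves a range check before it is converted to `size_t`. `main` begins and ends outside the hunk, so the later reads into `filebuf` are not visible here and should be checked against the same size.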