ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-03-22 03:55:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

firmware-utils: uimage_padhdr: fix Coverity issue

Browse Source 
Fixes following issue reported by Coverity scan:

 *** CID 1452085:  Security best practices violations  (TOCTOU)
 /tools/firmware-utils/src/uimage_padhdr.c: 100 in main()
 94
 95     	if (!infname || !outfname) {
 96     		usage(argv[0]);
 97     		exit(1);
 98     	}
 99
 >>>     CID 1452085:  Security best practices violations  (TOCTOU)
 >>>     Calling function "stat" to perform check on "infname".
 100     	if (stat(infname, &statbuf) < 0) {

Fixes: a1c6a316d299 ("ramips: add support for Fon FON2601")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This commit is contained in:
Petr Štetiar 2019-07-31 14:07:11 +02:00
parent 6e300f6a0c
commit ea1acaf5a6
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
tools/firmware-utils/src/uimage_padhdr.c
View File

@ -97,18 +97,6 @@ int main(int argc, char *argv[])
exit(1);
}
if (stat(infname, &statbuf) < 0) {
fprintf(stderr,
"could not find input file. (errno = %d)\n", errno);
exit(1);
}
filebuf = malloc(statbuf.st_size + padsz);
if (!filebuf) {
fprintf(stderr, "buffer allocation failed\n");
exit(1);
}
ifd = open(infname, O_RDONLY);
if (ifd < 0) {
fprintf(stderr,
@ -123,6 +111,18 @@ int main(int argc, char *argv[])
exit(1);
}
if (fstat(ifd, &statbuf) < 0) {
fprintf(stderr,
"could not fstat input file. (errno = %d)\n", errno);
exit(1);
}
filebuf = malloc(statbuf.st_size + padsz);
if (!filebuf) {
fprintf(stderr, "buffer allocation failed\n");
exit(1);
}
rsz = read(ifd, filebuf, sizeof(*imgh));
if (rsz != sizeof(*imgh)) {
fprintf(stderr,