Fix #1175, Use fstat and fchmod for TOCTOU Bug

nasa · Oct 19, 2021 · b1b6c9c · b1b6c9c
1 parent 64a6b31
commit b1b6c9c
Showing 1 changed file with 17 additions and 4 deletions.
diff --git a/ut_assert/src/uttools.c b/ut_assert/src/uttools.c
@@ -106,14 +106,26 @@ bool UtMem2HexFile(const void *Memory, const char *Filename, uint32 Length)
     FILE *      fp;
     uint32      i;
     uint32      j;
+    int         fd;
     struct stat dststat;
-
+
+    /* Open file to avoid filename race potential */
+    fd = open(Filename, 0, 0);
+    if (fd < 0)
+    {
+        fd = open(Filename, 1, 0);
+        if (fd < 0)
+        {
+            printf("UtMem2HexFile: Error Opening File: %s, %s\n", Filename, strerror(errno));
+            return(false);
+        }
+    }
+
     if ((fp = fopen(Filename, "w")))
     {
-        if (stat(Filename, &dststat) == 0)
+        if (fstat(fd, &dststat) == 0)
         {
-            chmod(Filename, dststat.st_mode & ~(S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH));
-            stat(Filename, &dststat);
+            fchmod(fd, dststat.st_mode & ~(S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH));
         }
 
         for (i = 0; i < Length; i += 16)
@@ -135,6 +147,7 @@ bool UtMem2HexFile(const void *Memory, const char *Filename, uint32 Length)
             fprintf(fp, "\n");
         }
         fclose(fp);
+        close(fd);
         return (true);
     }
     else