Merge pull request #1181 from ArielSAdamsNASA/fix-1175-toctou-bug-chmod

Fix #1175, Use fstat and fchmod for TOCTOU Bug
nasa · Oct 3, 2022 · 063221a · 063221a
2 parents 38559d4 + 9157b78
commit 063221a
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/ut_assert/src/uttools.c b/ut_assert/src/uttools.c
@@ -55,14 +55,15 @@ typedef struct
 bool UtMem2BinFile(const void *Memory, const char *Filename, uint32 Length)
 {
     FILE *      fp;
+    int         fd;
     struct stat dststat;
 
     if ((fp = fopen(Filename, "w")))
     {
-        if (stat(Filename, &dststat) == 0)
+        fd = fileno(fp);
+        if (fstat(fd, &dststat) == 0)
         {
-            chmod(Filename, dststat.st_mode & ~(S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH));
-            stat(Filename, &dststat);
+            fchmod(fd, dststat.st_mode & ~(S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH));
         }
 
         fwrite(Memory, Length, 1, fp);
@@ -104,14 +105,15 @@ bool UtMem2HexFile(const void *Memory, const char *Filename, uint32 Length)
     FILE *      fp;
     uint32      i;
     uint32      j;
+    int         fd;
     struct stat dststat;
 
     if ((fp = fopen(Filename, "w")))
     {
-        if (stat(Filename, &dststat) == 0)
+        fd = fileno(fp);
+        if (fstat(fd, &dststat) == 0)
         {
-            chmod(Filename, dststat.st_mode & ~(S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH));
-            stat(Filename, &dststat);
+            fchmod(fd, dststat.st_mode & ~(S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH));
         }
 
         for (i = 0; i < Length; i += 16)