From: Christian Marangi <ansuelsmth@gmail.com>
Date: Mon, 22 Jan 2024 00:13:11 +0000 (+0100)
Subject: kmodloader: fix TOCTOU problem with scan_builtin_modules
X-Git-Url: http://git.openwrt.org/project/ubox.git/?p=project%2Fubox.git;a=commitdiff_plain;h=6cf7d837ee7e392ee047aee4f45132f4176b7493

kmodloader: fix TOCTOU problem with scan_builtin_modules

Fix TOCTOU problem with scan_builtin_modules by opening the file pointer
only once in module_folders scan.

Fix Coverity Report CID 1586645:  Security best practices violations
(TOCTOU).

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
---

diff --git a/kmodloader.c b/kmodloader.c
index 43105b3..3736942 100644
--- a/kmodloader.c
+++ b/kmodloader.c
@@ -502,11 +502,16 @@ static int scan_builtin_modules(void)
 		return -1;
 	for (p = module_folders; *p; p++) {
 		snprintf(path, sizeof(path), "%s%s", *p, MOD_BUILTIN);
-		if (!stat(path, &st) && S_ISREG(st.st_mode)) {
-			fp = fopen(path, "r");
-			if (fp)
-				break;
-		}
+		fp = fopen(path, "r");
+		if (!fp)
+			continue;
+
+		if (!fstat(fileno(fp), &st) && S_ISREG(st.st_mode))
+			break;
+
+		/* Not regular file, close it and check next */
+		fclose(fp);
+		fp = NULL;
 	}
 	if (!fp)
 		return 0;	/* OK if modules.builtin unavailable */