lib/repo.c: CID 62757 (toctou)

2014-10-08 10:00:17 +02:00
parent 805f6aa1b2
commit 513f8a2bae
1 changed files with 5 additions and 6 deletions
--- a/lib/repo.c
+++ b/lib/repo.c
@@ -142,12 +142,6 @@ xbps_repo_open(struct xbps_handle *xhp, const char *url, bool lock)
 		/* local repository */
 		repofile = xbps_repo_path(xhp, url);
 	}
-
-	if (stat(repofile, &st) == -1) {
-		xbps_dbg_printf(xhp, "[repo] `%s' stat repodata %s\n",
-		    repofile, strerror(errno));
-		goto out;
-	}
 	/*
 	 * Open or create the repository archive.
 	 */
@@ -169,6 +163,11 @@ xbps_repo_open(struct xbps_handle *xhp, const char *url, bool lock)
 		xbps_dbg_printf(xhp, "[repo] failed to lock %s: %s\n", repo->uri, strerror(errno));
 		goto out;
 	}
+	if (fstat(repo->fd, &st) == -1) {
+		xbps_dbg_printf(xhp, "[repo] `%s' fstat repodata %s\n",
+		    repofile, strerror(errno));
+		goto out;
+	}

 	repo->ar = archive_read_new();
 	archive_read_support_compression_gzip(repo->ar);