From: Dongwoo Lee <dwoo08.lee@samsung.com>
Date: Thu, 25 Aug 2022 08:15:24 +0000 (+0900)
Subject: resource: disk: Remove unnecessary pre-checking for opening file
X-Git-Tag: submit/tizen/20220830.030501~2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F36%2F280236%2F2;p=platform%2Fcore%2Fsystem%2Fpass.git

resource: disk: Remove unnecessary pre-checking for opening file

Instead of checking file existence before opening, now just try to
open file. If the file does not exist, it makes errors though.
This also fixes the vulnerability reports about TOCTOU race condition
(CWE-367).

Change-Id: I10affc264666566b635e1cd8b91ad34fe5613845
Signed-off-by: Dongwoo Lee <dwoo08.lee@samsung.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
---

diff --git a/src/resource/resource-disk.c b/src/resource/resource-disk.c
index cc6a983..a28f216 100644
--- a/src/resource/resource-disk.c
+++ b/src/resource/resource-disk.c
@@ -235,11 +235,12 @@ static int read_disk_stats(char *device_name, struct io_stats *ios)
 
 	snprintf(filename, BUFF_MAX, "/sys/class/block/%s/stat", device_name);
 
-	if (access(filename, F_OK) == -1) {
-		_E("There is no block device(%s)\n", device_name);
-		return -ENOENT;
-	} else if ((fp = fopen(filename, "r")) == NULL) {
-		_E("failed to open block device(%s)\n", device_name);
+	fp = fopen(filename, "r");
+	if (!fp) {
+		char errstr[BUFF_MAX];
+
+		strerror_r(errno, errstr, BUFF_MAX);
+		_E("failed to open block device(%s):%s\n", device_name, errstr);
 		return -ENOENT;
 	}