From 7176f386b2017e151d43fc8bb8b2f98afaadf419 Mon Sep 17 00:00:00 2001 From: dyamy-lee Date: Mon, 29 Mar 2021 08:58:21 +0900 Subject: [PATCH] fix TOCTOU Issue by fixing access to path check Calling function 'fopen' after check function like 'access' which perform check on path can cause a time-of-check, time-of-use race condition. For resolving this, remove 'access' and just print error message of fopen() fail with errno. Change-Id: I46b4639815b52fef1548209d703cf40d9ee6920b --- base/base_gui_direct.h | 1 + fota_gui_common/fota_gr_direct_ro_common.c | 32 +++++++++---------- .../fota_gr_direct_ro_wearable.c | 32 +++++++++---------- .../recovery_gr_direct_common.c | 24 +++++++------- .../fota_gr_direct_rw_common.c | 28 ++++++++-------- .../rw-update_new_fb_cairo.c | 29 +++++++++-------- 6 files changed, 76 insertions(+), 70 deletions(-) diff --git a/base/base_gui_direct.h b/base/base_gui_direct.h index 692717a..2e56a71 100644 --- a/base/base_gui_direct.h +++ b/base/base_gui_direct.h @@ -20,6 +20,7 @@ #define __BASE_GUI_DIRECT_H__ #include "gui_general.h" +#include extern int fota_gr_direct_init(void); extern void fota_gr_direct_deinit(void); diff --git a/fota_gui_common/fota_gr_direct_ro_common.c b/fota_gui_common/fota_gr_direct_ro_common.c index 9a83fb8..9ef0a06 100644 --- a/fota_gui_common/fota_gr_direct_ro_common.c +++ b/fota_gui_common/fota_gr_direct_ro_common.c @@ -35,23 +35,23 @@ int fota_gr_direct_update_progress(int * s_saved_percent, int * s_percent_to_dra FILE *fp; - if (access("/tmp/upgrade/ro_progress", R_OK) == 0) { - fp = fopen("/tmp/upgrade/ro_progress", "r"); - if (fp) { - if (fscanf(fp, "%d", &percent) == EOF) - LOG("Error occurs at reading ro_progress"); - if (percent == -1 && *s_saved_percent > 0) { - LOG("END ro update\n"); - fclose(fp); - return -1; - } - if (percent < 0) - percent = 0; - if (percent > 0xffffff) - percent = 0xffffff; + fp = fopen("/tmp/upgrade/ro_progress", "r"); + if (fp) { + if (fscanf(fp, "%d", &percent) == EOF) + LOG("Error occurs at reading ro_progress"); + if (percent == -1 && *s_saved_percent > 0) { + LOG("END ro update\n"); fclose(fp); - } else - percent = *s_percent_to_draw; + return -1; + } + if (percent < 0) + percent = 0; + if (percent > 0xffffff) + percent = 0xffffff; + fclose(fp); + } else { + LOG("fopen fail, error msg : %s\n", strerror(errno)); + percent = *s_percent_to_draw; } if (*s_percent_to_draw < percent) diff --git a/fota_gui_wearable/fota_gr_direct_ro_wearable.c b/fota_gui_wearable/fota_gr_direct_ro_wearable.c index 8dc2ccf..7cd33ea 100644 --- a/fota_gui_wearable/fota_gr_direct_ro_wearable.c +++ b/fota_gui_wearable/fota_gr_direct_ro_wearable.c @@ -434,23 +434,23 @@ int fota_gr_direct_ro_update_progress(void) FILE *fp; - if (access("/tmp/upgrade/ro_progress", R_OK) == 0) { - fp = fopen("/tmp/upgrade/ro_progress", "r"); - if (fp) { - if (fscanf(fp, "%d", &percent) == EOF) - LOG("Error occurs at reading ro_progress"); - if (percent == -1 && s_saved_percent > 0) { - LOG("END ro update\n"); - fclose(fp); - return -1; - } - if (percent < 0) - percent = 0; - if (percent > 0xffffff) - percent = 0xffffff; + fp = fopen("/tmp/upgrade/ro_progress", "r"); + if (fp) { + if (fscanf(fp, "%d", &percent) == EOF) + LOG("Error occurs at reading ro_progress"); + if (percent == -1 && s_saved_percent > 0) { + LOG("END ro update\n"); fclose(fp); - } else - percent = s_percent_to_draw; + return -1; + } + if (percent < 0) + percent = 0; + if (percent > 0xffffff) + percent = 0xffffff; + fclose(fp); + } else { + LOG("fopen fail, error msg : %s\n", strerror(errno)); + percent = s_percent_to_draw; } if (s_percent_to_draw < percent) diff --git a/recovery_gui_common/recovery_gr_direct_common.c b/recovery_gui_common/recovery_gr_direct_common.c index 2958eb7..fba3561 100644 --- a/recovery_gui_common/recovery_gr_direct_common.c +++ b/recovery_gui_common/recovery_gr_direct_common.c @@ -35,18 +35,18 @@ int fota_gr_direct_update_progress(int * s_saved_percent, int * s_percent_to_dra FILE *fp; - if (access("/tmp/recovery_progress", R_OK) == 0) { - fp = fopen("/tmp/recovery_progress", "r"); - if (fp) { - if (fscanf(fp, "%d", &percent) == EOF) - LOG("Error occurs at reading progress"); - if (percent < 0) - percent = 0; - if (percent > 0xffffff) - percent = 0xffffff; - fclose(fp); - } else - percent = *s_percent_to_draw; + fp = fopen("/tmp/recovery_progress", "r"); + if (fp) { + if (fscanf(fp, "%d", &percent) == EOF) + LOG("Error occurs at reading progress"); + if (percent < 0) + percent = 0; + if (percent > 0xffffff) + percent = 0xffffff; + fclose(fp); + } else { + LOG("fopen fail, error msg : %s\n", strerror(errno)); + percent = *s_percent_to_draw; } *s_percent_to_draw = percent; diff --git a/rw-update-ani-common/fota_gr_direct_rw_common.c b/rw-update-ani-common/fota_gr_direct_rw_common.c index 873c936..21167c3 100644 --- a/rw-update-ani-common/fota_gr_direct_rw_common.c +++ b/rw-update-ani-common/fota_gr_direct_rw_common.c @@ -35,7 +35,7 @@ int fota_gr_direct_update_progress(int * s_saved_percent, int * s_percent_to_dra //static int b_text_drawn = 0; FILE *fp; - if (total <= 0 && access("/tmp/upgrade/total", R_OK) == 0) { + if (total <= 0) { fp = fopen("/tmp/upgrade/total", "r"); if (fp) { if (fscanf(fp, "%d", &total) == EOF) @@ -45,22 +45,24 @@ int fota_gr_direct_update_progress(int * s_saved_percent, int * s_percent_to_dra if (total > 0xffffff) total = 0xffffff; fclose(fp); - } else + } else { + LOG("fopen fail, error msg : %s\n", strerror(errno)); total = 0; + } } - if (access("/tmp/upgrade/progress", R_OK) == 0) { - fp = fopen("/tmp/upgrade/progress", "r"); - if (fp) { - if (fscanf(fp, "%d", &progress) == EOF) - LOG("Error occurs at reading progress"); - if (progress < 0) - progress = 0; - if (progress > total) - progress = total; - fclose(fp); - } else + fp = fopen("/tmp/upgrade/progress", "r"); + if (fp) { + if (fscanf(fp, "%d", &progress) == EOF) + LOG("Error occurs at reading progress"); + if (progress < 0) progress = 0; + if (progress > total) + progress = total; + fclose(fp); + } else { + LOG("fopen fail, error msg : %s\n", strerror(errno)); + progress = 0; } if (total == 0) diff --git a/rw-update-ani-wearable/rw-update_new_fb_cairo.c b/rw-update-ani-wearable/rw-update_new_fb_cairo.c index ed24012..8861e72 100644 --- a/rw-update-ani-wearable/rw-update_new_fb_cairo.c +++ b/rw-update-ani-wearable/rw-update_new_fb_cairo.c @@ -23,6 +23,7 @@ #include "rw-update_new_fb.h" #include #include +#include #ifdef CAIRO_LIB #include "rw-update_new_cairo.h" @@ -199,7 +200,7 @@ void fb_draw_screen(FbInfo *fbi) static int b_text_drawn = 0; FILE *fp; - if (total <= 0 && access("/tmp/upgrade/total", R_OK) == 0) { + if (total <= 0) { fp = fopen("/tmp/upgrade/total", "r"); if (fp) { if (fscanf(fp, "%d", &total) == EOF) @@ -209,22 +210,24 @@ void fb_draw_screen(FbInfo *fbi) if (total > 0xffffff) total = 0xffffff; fclose(fp); - } else + } else { + _DEBUG_LOG("fopen fail, error msg : %s\n", strerror(errno)); total = 0; + } } - if (access("/tmp/upgrade/progress", R_OK) == 0) { - fp = fopen("/tmp/upgrade/progress", "r"); - if (fp) { - if (fscanf(fp, "%d", &progress) == EOF) - _DEBUG_LOG("Error occurs at reading progress"); - if (progress < 0) - progress = 0; - if (progress > total) - progress = total; - fclose(fp); - } else + fp = fopen("/tmp/upgrade/progress", "r"); + if (fp) { + if (fscanf(fp, "%d", &progress) == EOF) + _DEBUG_LOG("Error occurs at reading progress"); + if (progress < 0) progress = 0; + if (progress > total) + progress = total; + fclose(fp); + } else { + _DEBUG_LOG("fopen fail, error msg : %s\n", strerror(errno)); + progress = 0; } _DEBUG_LOG("progress: %d/%d", progress, total); -- 2.34.1