From 0ea2f26454b9a6725135d00d0898a56626c05939 Mon Sep 17 00:00:00 2001
From: Dongwoo Lee <dwoo08.lee@samsung.com>
Date: Thu, 25 Aug 2022 17:15:24 +0900
Subject: [PATCH] resource: disk: Remove unnecessary pre-checking for opening
 file

Instead of checking file existence before opening, now just try to
open file. If the file does not exist, it makes errors though.
This also fixes the vulnerability reports about TOCTOU race condition
(CWE-367).

Change-Id: I10affc264666566b635e1cd8b91ad34fe5613845
Signed-off-by: Dongwoo Lee <dwoo08.lee@samsung.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
---
 src/resource/resource-disk.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/resource/resource-disk.c b/src/resource/resource-disk.c
index cc6a983..a28f216 100644
--- a/src/resource/resource-disk.c
+++ b/src/resource/resource-disk.c
@@ -235,11 +235,12 @@ static int read_disk_stats(char *device_name, struct io_stats *ios)
 
 	snprintf(filename, BUFF_MAX, "/sys/class/block/%s/stat", device_name);
 
-	if (access(filename, F_OK) == -1) {
-		_E("There is no block device(%s)\n", device_name);
-		return -ENOENT;
-	} else if ((fp = fopen(filename, "r")) == NULL) {
-		_E("failed to open block device(%s)\n", device_name);
+	fp = fopen(filename, "r");
+	if (!fp) {
+		char errstr[BUFF_MAX];
+
+		strerror_r(errno, errstr, BUFF_MAX);
+		_E("failed to open block device(%s):%s\n", device_name, errstr);
 		return -ENOENT;
 	}
 
-- 
2.34.1