From: Daehyeon Jung <darrenh.jung@samsung.com>
Date: Mon, 3 Aug 2020 06:14:50 +0000 (+0900)
Subject: Fix TOCTOU issues
X-Git-Tag: accepted/tizen/base/20210823.065438~1
X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Fappfw%2Fxdgmime.git;a=commitdiff_plain;h=f5ae5f01f01af128f81156f5b0771bb6566a3aa4

Fix TOCTOU issues

Change-Id: I5932271916b9a8c9f2da34ef1fa9c2dc1dc3b572
Signed-off-by: Daehyeon Jung <darrenh.jung@samsung.com>
---

diff --git a/xdgmime/src/xdgmime.c b/xdgmime/src/xdgmime.c
index 9e0e5e7..f898cc1 100644
--- a/xdgmime/src/xdgmime.c
+++ b/xdgmime/src/xdgmime.c
@@ -533,6 +533,7 @@ xdg_mime_get_mime_type_for_file (const char  *file_name,
   struct stat buf;
   const char *base_name;
   int n;
+  int fd;
 
   if (file_name == NULL)
     return NULL;
@@ -550,9 +551,17 @@ xdg_mime_get_mime_type_for_file (const char  *file_name,
   if (n == 1)
     return mime_types[0];
 
+  file = fopen (file_name, "r");
+  if (file == NULL)
+    {
+      free (data);
+      return XDG_MIME_TYPE_UNKNOWN;
+    }
+
   if (!statbuf)
     {
-      if (stat (file_name, &buf) != 0)
+      fd = fileno(file);
+      if (fstat (fd, &buf) != 0)
 	return XDG_MIME_TYPE_UNKNOWN;
 
       statbuf = &buf;
@@ -569,13 +578,6 @@ xdg_mime_get_mime_type_for_file (const char  *file_name,
   if (data == NULL)
     return XDG_MIME_TYPE_UNKNOWN;
         
-  file = fopen (file_name, "r");
-  if (file == NULL)
-    {
-      free (data);
-      return XDG_MIME_TYPE_UNKNOWN;
-    }
-
   bytes_read = fread (data, 1, max_extent, file);
   if (ferror (file))
     {
diff --git a/xdgmime/src/xdgmimecache.c b/xdgmime/src/xdgmimecache.c
index ddcb90c..dd52f21 100644
--- a/xdgmime/src/xdgmimecache.c
+++ b/xdgmime/src/xdgmimecache.c
@@ -729,6 +729,7 @@ _xdg_mime_cache_get_mime_type_for_file (const char  *file_name,
   struct stat buf;
   const char *base_name;
   int n;
+  int fd;
 
   if (file_name == NULL)
     return NULL;
@@ -742,9 +743,17 @@ _xdg_mime_cache_get_mime_type_for_file (const char  *file_name,
   if (n == 1)
     return mime_types[0];
 
+  file = fopen (file_name, "r");
+  if (file == NULL)
+    {
+      free (data);
+      return XDG_MIME_TYPE_UNKNOWN;
+    }
+
   if (!statbuf)
     {
-      if (stat (file_name, &buf) != 0)
+      fd = fileno(file);
+      if (fstat (fd, &buf) != 0)
 	return XDG_MIME_TYPE_UNKNOWN;
 
       statbuf = &buf;
@@ -760,13 +769,6 @@ _xdg_mime_cache_get_mime_type_for_file (const char  *file_name,
   data = malloc (max_extent);
   if (data == NULL)
     return XDG_MIME_TYPE_UNKNOWN;
-        
-  file = fopen (file_name, "r");
-  if (file == NULL)
-    {
-      free (data);
-      return XDG_MIME_TYPE_UNKNOWN;
-    }
 
   bytes_read = fread (data, 1, max_extent, file);
   if (ferror (file))
diff --git a/xdgmime/src/xdgmimeglobs2.c b/xdgmime/src/xdgmimeglobs2.c
index 0bd61e8..65d3c8f 100644
--- a/xdgmime/src/xdgmimeglobs2.c
+++ b/xdgmime/src/xdgmimeglobs2.c
@@ -225,13 +225,19 @@ mime_type_info_list_reload(mime_type_info_list *mtil)
 	FILE *globs2 = NULL;
 	struct stat globs2_stat;
 	int r;
+	int fd;
 	char buf[256];
 
 	if(!mtil) return;
 
+	/* read globs2, and construct data structure */
+	globs2 = fopen(GLOBS2_PATH, "r");
+	if (!globs2) return;
+
 	/* Check glob2's mtime.
 	 * If reconstruction is not needed, just exit function */
-	if( stat(GLOBS2_PATH, &globs2_stat) ||
+	fd = fileno(globs2);
+	if (fstat(fd, &globs2_stat) ||
 			globs2_stat.st_mtime <= mtil->globs2_mtime ) return;
 
 	/* clean old mtil */
@@ -246,10 +252,6 @@ mime_type_info_list_reload(mime_type_info_list *mtil)
 	/* save globs2's mtime */
 	mtil->globs2_mtime = globs2_stat.st_mtime;
 
-	/* read globs2, and construct data structure */
-	globs2 = fopen(GLOBS2_PATH, "r");
-	if (!globs2) return;
-
 	char *weight, *mime_type, *file_name, *saveptr = NULL;
 	while(fgets(buf, 255, globs2)) {
 		/* skip comment */