Fix TOCTOU (time-to-check, time-to-use) race
authorColin Leroy <colin@colino.net>
Thu, 8 Oct 2015 16:59:49 +0000 (18:59 +0200)
committerColin Leroy <colin@colino.net>
Thu, 8 Oct 2015 16:59:49 +0000 (18:59 +0200)
src/plugins/archive/libarchive_archive.c

index 928c8eb..f0ae67b 100644 (file)
@@ -551,11 +551,11 @@ const gchar* archive_create(const char* archive_name, GSList* files,
                        g_free(msg);
 #endif
                        entry = archive_entry_new();
-                       lstat(filename, &st);
                        if ((fd = open(filename, O_RDONLY)) == -1) {
                                perror("open file");
                        }
                        else {
+                               lstat(filename, &st);
                                archive_entry_copy_stat(entry, &st);
                                archive_entry_set_pathname(entry, filename);
                                if (S_ISLNK(st.st_mode)) {