Skip to content

Commit 78e91a7

Browse files
chuckleverchucklever
committed
tlshd: Fix a minor race
Parfait complains about using a pathname to perform an access(2) and then passing the same pathname to open(2). Between the access(2) and the open(2) calls, the permissions can change. I think this is harmless for tlshd, but all the same, let's clean this up. Signed-off-by: Chuck Lever <[email protected]>
1 parent 8e93cc2 commit 78e91a7

File tree

1 file changed

+7
-19
lines changed

1 file changed

+7
-19
lines changed

src/tlshd/config.c

Lines changed: 7 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -140,7 +140,11 @@ static bool tlshd_config_read_datum(const char *pathname, gnutls_datum_t *data,
140140

141141
fd = open(pathname, O_RDONLY);
142142
if (fd == -1) {
143-
tlshd_log_perror("open");
143+
if (access(pathname, F_OK))
144+
tlshd_log_debug("tlshd cannot access \"%s\"",
145+
pathname);
146+
else
147+
tlshd_log_perror("open");
144148
goto out;
145149
}
146150
if (fstat(fd, &statbuf)) {
@@ -198,7 +202,7 @@ bool tlshd_config_get_client_truststore(char **bundle)
198202
g_error_free(error);
199203
return false;
200204
} else if (access(pathname, F_OK)) {
201-
tlshd_log_debug("client x509.truststore pathname \"%s\" is not accessible", pathname);
205+
tlshd_log_debug("tlshd cannot access \"%s\"", pathname);
202206
g_free(pathname);
203207
return false;
204208
}
@@ -234,10 +238,6 @@ bool tlshd_config_get_client_certs(gnutls_pcert_st *certs,
234238
if (!pathname) {
235239
g_error_free(error);
236240
return false;
237-
} else if (access(pathname, F_OK)) {
238-
tlshd_log_debug("client x509.certificate pathname \"%s\" is not accessible", pathname);
239-
g_free(pathname);
240-
return false;
241241
}
242242

243243
if (!tlshd_config_read_datum(pathname, &data, TLSHD_OWNER,
@@ -282,10 +282,6 @@ bool tlshd_config_get_client_privkey(gnutls_privkey_t *privkey)
282282
if (!pathname) {
283283
g_error_free(error);
284284
return false;
285-
} else if (access(pathname, F_OK)) {
286-
tlshd_log_debug("client x509.private_key pathname \"%s\" is not accessible", pathname);
287-
g_free(pathname);
288-
return false;
289285
}
290286

291287
if (!tlshd_config_read_datum(pathname, &data, TLSHD_OWNER,
@@ -336,7 +332,7 @@ bool tlshd_config_get_server_truststore(char **bundle)
336332
g_error_free(error);
337333
return false;
338334
} else if (access(pathname, F_OK)) {
339-
tlshd_log_debug("server x509.truststore pathname \"%s\" is not accessible", pathname);
335+
tlshd_log_debug("tlshd cannot access \"%s\"", pathname);
340336
g_free(pathname);
341337
return false;
342338
}
@@ -372,10 +368,6 @@ bool tlshd_config_get_server_certs(gnutls_pcert_st *certs,
372368
if (!pathname) {
373369
g_error_free(error);
374370
return false;
375-
} else if (access(pathname, F_OK)) {
376-
tlshd_log_debug("server x509.certificate pathname \"%s\" is not accessible", pathname);
377-
g_free(pathname);
378-
return false;
379371
}
380372

381373
if (!tlshd_config_read_datum(pathname, &data, TLSHD_OWNER,
@@ -420,10 +412,6 @@ bool tlshd_config_get_server_privkey(gnutls_privkey_t *privkey)
420412
if (!pathname) {
421413
g_error_free(error);
422414
return false;
423-
} else if (access(pathname, F_OK)) {
424-
tlshd_log_debug("server x509.privkey pathname \"%s\" is not accessible", pathname);
425-
g_free(pathname);
426-
return false;
427415
}
428416

429417
if (!tlshd_config_read_datum(pathname, &data, TLSHD_OWNER,

0 commit comments

Comments
 (0)