From 679897d0a1ff445bb6e0c55463b198bcc9efcb6c Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Sun, 22 Sep 2013 02:29:07 +0200 Subject: [PATCH] nfc-emulate-forum-tag4: fix TOCTOU Hopefully fix TOCTOU by calling fopen() before stat() At least this should prevent Coverity to complain about it: CID 1090346 (#1 of 1): Time of check time of use (TOCTOU) fs_check_call: Calling function "stat(char const *, struct stat *)" to perform check on "filename". toctou: Calling function "fopen(char const * restrict, char const * restrict)" that uses "filename" after a check function. This can cause a time-of-check, time-of-use race condition. Note that it seems pretty hard to avoid completely: https://en.wikipedia.org/wiki/Time_of_check_to_time_of_use#Preventing_TOCTTOU
---
 utils/nfc-emulate-forum-tag4.c | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/utils/nfc-emulate-forum-tag4.c b/utils/nfc-emulate-forum-tag4.c
index e75da84..8095af4 100644
--- a/utils/nfc-emulate-forum-tag4.c
+++ b/utils/nfc-emulate-forum-tag4.c
@@ -255,14 +255,21 @@ static int
 ndef_message_load(char *filename, struct nfcforum_tag4_ndef_data *tag_data)
 {
 struct stat sb;
+ FILE *F;
+ if (!(F = fopen(filename, "r"))) {
+ printf("File not found or not accessible '%s'\n", filename);
+ return -1;
+ }
 if (stat(filename, &sb) < 0) {
- printf("file not found or not accessible '%s'", filename);
+ printf("File not found or not accessible '%s'\n", filename);
+ fclose(F);
 return -1;
 }
 /* Check file size */
 if (sb.st_size > 0xFFFF) {
- printf("file size too large '%s'", filename);
+ printf("File size too large '%s'\n", filename);
+ fclose(F);
 return -1;
 }
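Review bot: The `stat(filename, &sb)` call kept after the new `fopen()` still resolves the path a second time, so the size it reports can belong to a different file than the stream `F` that is read later; the check and the use are only reordered, not bound together. Take the metadata from the open stream instead, `if (fstat(fileno(F), &sb) < 0) {`, so that the `sb.st_size > 0xFFFF` test and the `fread()` length in the next hunk describe the file that was actually opened. The file can still change length between that check and the read, so the existing `1 != fread(...)` test has to stay. ndef_message_load continues past the end of this hunk.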
@@ -271,14 +278,9 @@ ndef_message_load(char *filename, struct nfcforum_tag4_ndef_data *tag_data)
 tag_data->ndef_file[0] = (uint8_t)(sb.st_size >> 8);
 tag_data->ndef_file[1] = (uint8_t)(sb.st_size);
- FILE *F;
- if (!(F = fopen(filename, "r"))) {
- printf("fopen (%s, \"r\")", filename);
- return -1;
- }
 if (1 != fread(tag_data->ndef_file + 2, sb.st_size, 1, F)) {
- printf("Can't read from %s", filename);
+ printf("Can't read from %s\n", filename);
 fclose(F);
 return -1;
 }
@@ -292,12 +294,12 @@ ndef_message_save(char *filename, struct nfcforum_tag4_ndef_data *tag_data)
 {
 FILE *F;
 if (!(F = fopen(filename, "w"))) {
- printf("fopen (%s, w)", filename);
+ printf("fopen (%s, w)\n", filename);
 return -1;
 }
 if (1 != fwrite(tag_data->ndef_file + 2, tag_data->ndef_file_len - 2, 1, F)) {
- printf("fwrite (%d)", (int) tag_data->ndef_file_len - 2);
+ printf("fwrite (%d)\n", (int) tag_data->ndef_file_len - 2);
 fclose(F);
 return -1;
 }
@@ -381,7 +383,7 @@ main(int argc, char *argv[])
 // If some file is provided load it
 if (argc >= (2 + options)) {
 if (ndef_message_load(argv[1 + options], &nfcforum_tag4_data) < 0) {
- printf("Can't load NDEF file '%s'", argv[1 + options]);
+ printf("Can't load NDEF file '%s'\n", argv[1 + options]);
 exit(EXIT_FAILURE);
 }
 }
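Review bot: The failure messages in ndef_message_save still go to stdout and do not say why the call failed, so `fopen (%s, w)` gives the operator nothing to act on when the path cannot be written. Consider `fprintf(stderr, "fopen (%s, w): %s\n", filename, strerror(errno));`, assuming `<errno.h>` and `<string.h>` are included at the top of the file, which is outside this hunk. The same applies to the `printf()` diagnostics touched in ndef_message_load and in main. ndef_message_save ends outside this hunk.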