Fixes TOCTOU issue by removing the access() check and replacing it …

…with a handled error for `fopen()`
xWyatt · Nov 30, 2021 · ad60c8f · ad60c8f
1 parent 541c8b6
commit ad60c8f
Showing 1 changed file with 6 additions and 8 deletions.
diff --git a/src/read_input.c b/src/read_input.c
@@ -369,11 +369,12 @@ int validateArguments(int argc, char** argv) {
         return 0;
       }
 
-      // Verify file exists and we can read it
-      if (access(nextArg, R_OK) != -1) {
-
-        // Open File
-        FILE *basicAuthFile = (FILE*) fopen(nextArg, "r");
+      // Open File
+      FILE *basicAuthFile = (FILE*) fopen(nextArg, "r");
+      if (basicAuthFile == NULL) {
+        printf("Cannot read from file '%s' to retrieve Basic Auth credentials. Verify the file exists and has read permission.\n\n%s", nextArg, helpMessage);
+        return 0;
+      } else {
 
         // Read line into buffer
         char* buffer = NULL;
@@ -415,9 +416,6 @@ int validateArguments(int argc, char** argv) {
           printf("No data in file '%s'. Verify the file has only one line and contains only '<username>:<password>'\n\n%s", nextArg, helpMessage); 
           return 0;
         }
-      } else {
-        printf("Cannot read from file '%s' to retrieve Basic Auth credentials. Verify the file exists and has read permission.\n\n%s", nextArg, helpMessage);
-        return 0;
       }
     }