From ad60c8f9eb62c78fb6fa0d09c872fe88d35e96c2 Mon Sep 17 00:00:00 2001
From: Wyatt Teeter <teeterwyatt@gmail.com>
Date: Tue, 30 Nov 2021 14:53:17 -0600
Subject: [PATCH] Fixes TOCTOU issue by removing the `access()` check and
 replacing it with a handled error for `fopen()`

---
 src/read_input.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/src/read_input.c b/src/read_input.c
index b2ea38e..ceb61ac 100644
--- a/src/read_input.c
+++ b/src/read_input.c
@@ -369,11 +369,12 @@ int validateArguments(int argc, char** argv) {
         return 0;
       }
 
-      // Verify file exists and we can read it
-      if (access(nextArg, R_OK) != -1) {
-      
-        // Open File
-        FILE *basicAuthFile = (FILE*) fopen(nextArg, "r");
+      // Open File
+      FILE *basicAuthFile = (FILE*) fopen(nextArg, "r");
+      if (basicAuthFile == NULL) {
+        printf("Cannot read from file '%s' to retrieve Basic Auth credentials. Verify the file exists and has read permission.\n\n%s", nextArg, helpMessage);
+        return 0;
+      } else {
 
         // Read line into buffer
         char* buffer = NULL;
@@ -415,9 +416,6 @@ int validateArguments(int argc, char** argv) {
           printf("No data in file '%s'. Verify the file has only one line and contains only '<username>:<password>'\n\n%s", nextArg, helpMessage); 
           return 0;
         }
-      } else {
-        printf("Cannot read from file '%s' to retrieve Basic Auth credentials. Verify the file exists and has read permission.\n\n%s", nextArg, helpMessage);
-        return 0;
       }
     }