daemon/tls_ephemeral_credentials: fix possible race between read() and fstat()

author Oto Šťáva <oto.stava@nic.cz>

Mon, 20 May 2024 09:52:27 +0000 (11:52 +0200)

committer Oto Šťáva <oto.stava@nic.cz>

Mon, 20 May 2024 10:18:42 +0000 (12:18 +0200)
author Oto Šťáva <oto.stava@nic.cz>
Mon, 20 May 2024 09:52:27 +0000 (11:52 +0200)
committer Oto Šťáva <oto.stava@nic.cz>
Mon, 20 May 2024 10:18:42 +0000 (12:18 +0200)
diff --git a/daemon/tls_ephemeral_credentials.c b/daemon/tls_ephemeral_credentials.c

index 0d9ec6db6453bb3685b66e853261b41dd27618e4..2b928faaad04bbd0b949606b034f35b5a66ccd0f 100644 (file)
--- a/daemon/tls_ephemeral_credentials.c
+++ b/daemon/tls_ephemeral_credentials.c
@@ -91,7 +91,7 @@ static gnutls_x509_privkey_t get_ephemeral_privkey (void)
                 }
                 data.size = stat.st_size;
                 bytes_read = read(datafd, data.data, stat.st_size);
-               if (bytes_read != stat.st_size) {
+               if (bytes_read < 0 || bytes_read != stat.st_size) {
                         kr_log_error(TLS, "unable to read ephemeral private key\n");
                         goto bad_data;
                 }
author	Oto Šťáva <oto.stava@nic.cz>
	Mon, 20 May 2024 09:52:27 +0000 (11:52 +0200)
committer	Oto Šťáva <oto.stava@nic.cz>
	Mon, 20 May 2024 10:18:42 +0000 (12:18 +0200)