api.c: Fix TOCTOU race cgroup_get_cg_type()

Fix a TOCTOU race condition, that checks for file existence versus file
open in cgroup_get_cg_type() by opening the file and check for errno for
file existence.

Reported-by: LGTM
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Signed-off-by: Tom Hromatka <tom.hromatka@oracle.com>

diff --git a/src/api.c b/src/api.c
index ab24fdb3919d84a282eced3b67881eac1501cb97..83e68522db57def6900824d7861d7265cf23f935 100644 (file)
--- a/src/api.c
+++ b/src/api.c
@@ -1550,23 +1550,20 @@ static int cgroup_get_cg_type(const char * const path, char * const type,
        char cg_type[LL_MAX];
        int len, err = 0;
        FILE *fp = NULL;
-       struct stat st;
-       int stat_ret;
 
        snprintf(cg_type_path, FILENAME_MAX, "%scgroup.type", path);
-       /* file cgroup.type, doesn't exist for root cgroup. */
-       stat_ret = stat(cg_type_path, &st);
-       if (stat_ret != 0) {
-               snprintf(type, type_sz, "cgroup.procs");
-               goto out;
-       }
-
        fp = fopen(cg_type_path, "re");
        if (!fp) {
-               cgroup_warn("Warning: failed to open file %s: %s\n",
-                               cg_type_path, strerror(errno));
-               err = ECGOTHER;
-               goto out;
+               if (errno == ENOENT) {
+                       /* file cgroup.type, doesn't exist for root cgroup. */
+                       snprintf(type, type_sz, "cgroup.procs");
+                       goto out;
+               } else {
+                       cgroup_warn("Warning: failed to open file %s: %s\n",
+                                       cg_type_path, strerror(errno));
+                       err = ECGOTHER;
+                       goto out;
+               }
        }
 
        if (fgets(cg_type, LL_MAX, fp) == NULL) {