From: Oto Šťáva <oto.stava@nic.cz>
Date: Mon, 20 May 2024 09:52:27 +0000 (+0200)
Subject: daemon/tls_ephemeral_credentials: fix possible race between read() and fstat()
X-Git-Tag: v5.7.3~3^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bda4387ea9b09e03be69d38db104f5245b32d110;p=thirdparty%2Fknot-resolver.git

daemon/tls_ephemeral_credentials: fix possible race between read() and fstat()
---

diff --git a/daemon/tls_ephemeral_credentials.c b/daemon/tls_ephemeral_credentials.c
index 0d9ec6db6..2b928faaa 100644
--- a/daemon/tls_ephemeral_credentials.c
+++ b/daemon/tls_ephemeral_credentials.c
@@ -91,7 +91,7 @@ static gnutls_x509_privkey_t get_ephemeral_privkey (void)
 		}
 		data.size = stat.st_size;
 		bytes_read = read(datafd, data.data, stat.st_size);
-		if (bytes_read != stat.st_size) {
+		if (bytes_read < 0 || bytes_read != stat.st_size) {
 			kr_log_error(TLS, "unable to read ephemeral private key\n");
 			goto bad_data;
 		}