resolved: fix TOCTOU in hook discovery
authorLuca Boccassi <luca.boccassi@gmail.com>
Sat, 28 Mar 2026 19:05:19 +0000 (19:05 +0000)
committerLuca Boccassi <luca.boccassi@gmail.com>
Sat, 28 Mar 2026 19:56:31 +0000 (19:56 +0000)
Coverity complains that the directory is not pinned by an FD,
so it might change between the stat and the open

CID#1643236

Follow-up for 8209f4adcde08d225f56269e608ccd5f6704cd70

src/resolve/resolved-hook.c

index 4938e2d2a104dbfbcad93a30a7a93622b536f30e..9625e64fe25c764b1ccd61cf2d8c8021d57cc602 100644 (file)
@@ -391,19 +391,6 @@ static int manager_hook_discover(Manager *m) {
 
         usec_t seen_usec = now(CLOCK_MONOTONIC);
 
-        struct stat st;
-        if (stat(dp, &st) < 0) {
-                if (errno == ENOENT)
-                        r = 0;
-                else
-                        r = log_warning_errno(errno, "Failed to stat %s/: %m", dp);
-
-                goto finish;
-        }
-
-        if (stat_inode_unmodified(&st, &m->hook_stat))
-                return 0;
-
         d = opendir(dp);
         if (!d) {
                 if (errno == ENOENT)
@@ -414,6 +401,15 @@ static int manager_hook_discover(Manager *m) {
                 goto finish;
         }
 
+        struct stat st;
+        if (fstat(dirfd(d), &st) < 0) {
+                r = log_warning_errno(errno, "Failed to fstat %s/: %m", dp);
+                goto finish;
+        }
+
+        if (stat_inode_unmodified(&st, &m->hook_stat))
+                return 0;
+
         for (;;) {
                 errno = 0;
                 struct dirent *de = readdir_no_dot(d);
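Review bot: The `return 0` on the unmodified-inode path now runs after `opendir()` has succeeded, so it depends on `d` being closed automatically. The declaration of `d` is outside this hunk; if it is not a `_cleanup_closedir_` variable, this path would leak a directory stream on every scan that finds the directory unchanged. A short comment above the `fstat()` would also keep the ordering from being undone in a later refactor, for example `/* fstat() the already-opened directory so the change check and the readdir loop refer to the same inode */`. The body of manager_hook_discover() starts and ends outside the hunk, so the `finish:` label that the fstat error path jumps to cannot be checked from here.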