Thread: pgsql: libpq: Fix minor TOCTOU violation
libpq: Fix minor TOCTOU violation

libpq checks the permissions of the password file before opening it.
The way this is done in two separate operations, a static analyzer
would flag as a time-of-check-time-of-use violation.  In practice, you
can't do anything with that, but it still seems better style to fix
it.

To fix it, open the file first and then check the permissions on the
opened file handle.

Reviewed-by: Aleksander Alekseev <aleksander@timescale.com>
Reviewed-by: Andreas Karlsson <andreas@proxel.se>
Discussion: https://www.postgresql.org/message-id/flat/a3356054-14ae-4e7a-acc6-249d19dac20b%40eisentraut.org

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/e882bcae032d5e89777e2a1f3d78dfb77c17c192

Modified Files
--------------
src/interfaces/libpq/fe-connect.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
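
The change the commit message describes (open first, then check the opened handle), sketched as an added example; this is not the libpq source or the committed diff. The function names, the temporary file, and the policy of rejecting non-regular files and any group/other permission bits are assumptions of this example.

```c
/* Added example, not libpq source: the check-then-open shape and its fix. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed policy for this example: regular file, no group/other access. */
static int mode_ok(const struct stat *st)
{
    return S_ISREG(st->st_mode) && !(st->st_mode & (S_IRWXG | S_IRWXO));
}

/* Before: stat() then open() look the path up twice (the flagged shape). */
int open_checked_racy(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !mode_ok(&st))
        return -1;
    return open(path, O_RDONLY);            /* second lookup of the path */
}

/* After: open once, then fstat() the descriptor, so the permissions
 * checked belong to the same open file that will be read. */
int open_checked(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !mode_ok(&st)) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char path[] = "/tmp/toctou_demo_XXXXXX";    /* constructed sample file */
    int tmp = mkstemp(path);                    /* mkstemp creates it 0600 */
    if (tmp < 0)
        return 1;
    printf("0600: %s\n", open_checked(path) >= 0 ? "accepted" : "rejected");
    fchmod(tmp, 0644);
    printf("0644: %s\n", open_checked(path) >= 0 ? "accepted" : "rejected");
    unlink(path);
    return 0;
}
```

Both functions return a descriptor or -1; only `open_checked` ties the permission check to the descriptor the caller goes on to read.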