From c3696ef585df3b8c2ff9663255565b9a92abb0cf Mon Sep 17 00:00:00 2001
From: Guilherme Amadio <amadio@cern.ch>
Date: Tue, 26 Nov 2024 09:09:35 +0100
Subject: [PATCH] [XrdXrootd] Fix time-of-check vs time-of-use race condition

Between the call to stat and the open, the file size may change.
First open the file, then use fstat with the file descriptor to
ensure consistency.
---
 src/XrdXrootd/XrdXrootdPrepare.cc | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/XrdXrootd/XrdXrootdPrepare.cc b/src/XrdXrootd/XrdXrootdPrepare.cc
index 94700936228..581c72d676c 100644
--- a/src/XrdXrootd/XrdXrootdPrepare.cc
+++ b/src/XrdXrootd/XrdXrootdPrepare.cc
@@ -258,14 +258,19 @@ int XrdXrootdPrepare::Open(const char *reqid, int &fsz)
    strcpy(path, (const char *)LogDir);
    strcpy(path+LogDirLen, reqid);
 
+// Open the file and return the file descriptor
+//
+   if ((fd = open((const char *)path, O_RDONLY)) < 0) return -errno;
+
 // Get the file size
 //
-   if (stat((const char *)path, &buf)) return -errno;
+   if (fstat(fd, &buf) != 0) {
+     close(fd);
+     return -errno;
+   }
+
    fsz = buf.st_size;
 
-// Open the file and return the file descriptor
-//
-   if ((fd = open((const char *)path, O_RDONLY)) < 0) return -errno;
    return fd;
 }