From c6009cf13c0fd2a2f458d2081c4ed59a07ca0ef0 Mon Sep 17 00:00:00 2001 From: "C. McEnroe" Date: Fri, 11 Jun 2021 21:02:40 -0400 Subject: [PATCH] Open save file with "a+" Avoids another small TOCTOU. Rewind before loading since "a+" sets the file position at the end. Remove unnecessary fseek after truncation, since "a+" always writes at the end of the file. --- ui.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/ui.c b/ui.c index 82c4716..22b098e 100644 --- a/ui.c +++ b/ui.c @@ -1133,7 +1133,6 @@ static FILE *saveFile; int uiSave(void) { int error = 0 || ftruncate(fileno(saveFile), 0) - || fseek(saveFile, 0, SEEK_SET) || writeTime(saveFile, Signatures[7]) || writeTime(saveFile, self.pos); if (error) return error; @@ -1180,13 +1179,9 @@ static ssize_t readString(FILE *file, char **buf, size_t *cap) { } void uiLoad(const char *name) { - saveFile = dataOpen(name, "r+"); - if (!saveFile) { - if (errno != ENOENT) exit(EX_NOINPUT); - saveFile = dataOpen(name, "w"); - if (!saveFile) exit(EX_CANTCREAT); - return; - } + saveFile = dataOpen(name, "a+"); + if (!saveFile) exit(EX_CANTCREAT); + rewind(saveFile); time_t signature; fread(&signature, sizeof(signature), 1, saveFile);