desktop-file: fix stat() race

_dbus_desktop_file_load() used to stat the desktop file before reading
it, to verify its size. This is both racy and unnecessary since
_dbus_file_get_contents() which it uses stats the file anyway -- does
that however in a race-free fashion with fstat() instead of stat().

This patch gets rid of the redundant stat(). Also, since the desktop
file change logic requires the mtime of the file it read we now export
that in _dbus_file_get_contents().

This patch probably breaks Win32 builds, but afaik those are broken
anyway.

1 files changed, 3 insertions, 16 deletions

diff --git a/dbus/dbus-desktop-file.c b/dbus/dbus-desktop-file.c
index 4f17b93f..8994c4b6 100644
--- a/dbus/dbus-desktop-file.c
+++ b/dbus/dbus-desktop-file.c
@@ -625,30 +625,17 @@ _dbus_desktop_file_load (DBusString *filename,
 {
   DBusString str;
   DBusDesktopFileParser parser;
-  DBusStat sb;
+  unsigned long mtime;
 
   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
 
-  /* Clearly there's a race here, but it's just to make it unlikely
-   * that we do something silly, we still handle doing it below.
-   */
-  if (!_dbus_stat (filename, &sb, error))
-    return NULL;
-
-  if (sb.size > _DBUS_ONE_KILOBYTE * 128)
-    {
-      dbus_set_error (error, DBUS_ERROR_FAILED,
-                      "Desktop file size (%ld bytes) is too large", (long) sb.size);
-      return NULL;
-    }
-
   if (!_dbus_string_init (&str))
     {
       _DBUS_SET_OOM (error);
       return NULL;
     }
 
-  if (!_dbus_file_get_contents (&str, filename, error))
+  if (!_dbus_file_get_contents (&str, filename, &mtime, error))
     {
       _dbus_string_free (&str);
       return NULL;
@@ -670,7 +657,7 @@ _dbus_desktop_file_load (DBusString *filename,
       return NULL;
     }
 
-  parser.desktop_file->mtime = sb.mtime;
+  parser.desktop_file->mtime = mtime;
   parser.data = str;
   parser.line_num = 1;
   parser.pos = 0;