From 513f8a2bae945812125b852634136bcbb6b4e1d0 Mon Sep 17 00:00:00 2001
From: Juan RP <xtraeme@gmail.com>
Date: Wed, 8 Oct 2014 10:00:17 +0200
Subject: [PATCH] lib/repo.c: CID 62757 (toctou)

---
 lib/repo.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/lib/repo.c b/lib/repo.c
index 136fcbf6..9ce6d177 100644
--- a/lib/repo.c
+++ b/lib/repo.c
@@ -142,12 +142,6 @@ xbps_repo_open(struct xbps_handle *xhp, const char *url, bool lock)
 		/* local repository */
 		repofile = xbps_repo_path(xhp, url);
 	}
-
-	if (stat(repofile, &st) == -1) {
-		xbps_dbg_printf(xhp, "[repo] `%s' stat repodata %s\n",
-		    repofile, strerror(errno));
-		goto out;
-	}
 	/*
 	 * Open or create the repository archive.
 	 */
@@ -169,6 +163,11 @@ xbps_repo_open(struct xbps_handle *xhp, const char *url, bool lock)
 		xbps_dbg_printf(xhp, "[repo] failed to lock %s: %s\n", repo->uri, strerror(errno));
 		goto out;
 	}
+	if (fstat(repo->fd, &st) == -1) {
+		xbps_dbg_printf(xhp, "[repo] `%s' fstat repodata %s\n",
+		    repofile, strerror(errno));
+		goto out;
+	}
 
 	repo->ar = archive_read_new();
 	archive_read_support_compression_gzip(repo->ar);