From 8b44896bc1f657c7b40472cf55455d59a245c1a6 Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Tue, 3 Jan 2023 20:41:45 -0600
Subject: [PATCH] hx509: Fix harmless TOCTOU in load_crl()

---
 lib/hx509/revoke.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/lib/hx509/revoke.c b/lib/hx509/revoke.c
index 18b2f8f8f..4cfdaaee4 100644
--- a/lib/hx509/revoke.c
+++ b/lib/hx509/revoke.c
@@ -600,18 +600,15 @@ load_crl(hx509_context context, const char *path, time_t *t, CRLCertificateList
 FILE *f;
 int ret;
 
+ *t = 0;
 memset(crl, 0, sizeof(*crl));
-
- ret = stat(path, &sb);
- if (ret)
- return errno;
-
- *t = sb.st_mtime;
 
 if ((f = fopen(path, "r")) == NULL)
 return errno;
 
 rk_cloexec_file(f);
+ if (fstat(fileno(f), &sb) == 0)
+ *t = sb.st_mtime;
 
 ret = hx509_pem_read(context, f, crl_parser, crl);
 fclose(f);
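Review bot: A failing `fstat()` is silently ignored in the added `if (fstat(fileno(f), &sb) == 0)` branch, so `load_crl()` can now parse the CRL and return success with `*t` left at 0, whereas the removed `stat()` path returned `errno`. The callers are outside this hunk, but if they compare `*t` with a later mtime to decide when to re-read the CRL, a zero timestamp on revocation data should be either an explicit error or a documented state. Consider `if (fstat(fileno(f), &sb) != 0) { ret = errno; fclose(f); return ret; }`, or keep the best-effort behaviour and add a comment such as `/* *t stays 0 when the mtime cannot be read */`. The body of `load_crl()` starts before and continues after the hunk, so how `ret` and `*t` are used further down is not visible here.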