appliance: Don't set utime on cachedir until we know it is safe.

This could be used to touch an arbitrary file (albeit one which
must already exist), and this could have been a security problem.

diff --git a/src/appliance.c b/src/appliance.c
index 30eb6fd..1b6b505 100644 (file)
--- a/src/appliance.c
+++ b/src/appliance.c
@@ -320,7 +320,6 @@ check_for_cached_appliance (guestfs_h *g,
   snprintf (filename, len, "%s/checksum", cachedir);
 
   (void) mkdir (cachedir, 0755);
-  (void) utime (cachedir, NULL);
 
   /* See if the cache directory exists and passes some simple checks
    * to make sure it has not been tampered with.
@@ -344,6 +343,8 @@ check_for_cached_appliance (guestfs_h *g,
     return -1;
   }
 
+  (void) utime (cachedir, NULL);
+
   garbage_collect_appliances (cachedir);
 
   /* Try to open and acquire a lock on the checksum file. */