image-burner: avoid potential TOCTOU race in source path validation
This CL adds an additional check in image-burner to ensure that, after
verifying that the source path specifies an image file in an allowed
location (see CL:457403), the opened image file for reading refers to
the same path.
BUG=chromium:702030
TEST=Run unit tests.
TEST=Test burning a recovery image, from the following locations, to a
USB drive on Chromebook via the Chromebook Recovery Utility and
OnHub Recovery Utility app:
- the Download folder
- a Drive folder
- a mounted zip file
- another mounted USB drive
Change-Id: I156685178a62773d51bc2b52caf873d0f069f49d
Reviewed-on: https://chromium-review.googlesource.com/468050
Commit-Ready: Ben Chan <benchan@chromium.org>
Tested-by: Ben Chan <benchan@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
1 file changed