The code is littered with TOCTTOU issues.
These need a condition handler around rename-file and delete-file to handle implementations that raise file-error if there is an error, the solution isn't probe-file because of the inherent TOCTTOU in probe-file:
|
(defun replace-file (from to) |
|
"Like RENAME-FILE, but deletes TO if it exists, first." |
|
(when (probe-file to) |
|
(delete-file to)) |
|
(rename-file from to)) |
|
(defun delete-file-if-exists (pathname) |
|
(when (probe-file pathname) |
|
(delete-file pathname))) |
This
probe-file in
copy-file seems completely unneeded:
Also, it appears there's a duplicate version of copy-file:
|
(defun copy-file (from-file to-file) |
|
(with-open-file (from-stream from-file :element-type '(unsigned-byte 8) |
|
:if-does-not-exist nil) |
|
(when from-stream |
|
(let ((buffer (make-array 10000 :element-type '(unsigned-byte 8)))) |
|
(with-open-file (to-stream to-file |
|
:direction :output |
|
:if-exists :supersede |
|
:element-type '(unsigned-byte 8)) |
|
(loop |
|
(let ((end-index (read-sequence buffer from-stream))) |
|
(when (zerop end-index) |
|
(return to-file)) |
|
(write-sequence buffer to-stream :end end-index)))))))) |
I sent a PR with an example: #233
If such fixes are acceptable, I'll work on this issue.
The code is littered with TOCTTOU issues.
These need a condition handler around
rename-fileanddelete-fileto handle implementations that raisefile-errorif there is an error, the solution isn'tprobe-filebecause of the inherent TOCTTOU inprobe-file:quicklisp-client/quicklisp/utils.lisp
Lines 28 to 32 in 10b61e5
quicklisp-client/quicklisp/utils.lisp
Lines 55 to 57 in 10b61e5
This
probe-fileincopy-fileseems completely unneeded:quicklisp-client/quicklisp/utils.lisp
Line 50 in 10b61e5
Also, it appears there's a duplicate version of copy-file:
quicklisp-client/quicklisp/bundle.lisp
Lines 270 to 283 in 10b61e5
I sent a PR with an example: #233
If such fixes are acceptable, I'll work on this issue.