I agree with this more. Also, the previous patch had + if (access(nfilename, R_OK) == 0) + tftp_open(client, nfilename);
Which means if the directory is writeable by something else up the server side, you have TOCTOU. Never check if you can open, then open. Just open, and based upon that make a decision. Always convert a path to a fd, then decide. Never check a path, then uhm, check it again.
