[PATCH] Fix a potential ressource leak in function lastlog_openseek()
Christian Engelmayer
cengelma at gmx.at
Sun Apr 6 02:13:54 WST 2014
Calling function lastlog_perform_login(), that currently is the only user of
lastlog_openseek(), assumes no need for ressource cleanup in case the function
returns an error. However, lastlog_openseek() leaves the already allocated
file descriptor in place in case the following lseek() fails.
Reported by Coverity - CID 1191538.
---
Compile tested, applies against github.com/mkj/dropbear.git
---
loginrec.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/loginrec.c b/loginrec.c
index d6ec75f..00bd2dc 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -1344,6 +1344,7 @@ lastlog_openseek(struct logininfo *li, int *fd, int filemode)
offset = (off_t) ((long)li->uid * sizeof(struct lastlog));
if ( lseek(*fd, offset, SEEK_SET) != offset ) {
+ close(*fd);
dropbear_log(LOG_WARNING, "lastlog_openseek: %s->lseek(): %s",
lastlog_file, strerror(errno));
return 0;
--
1.8.3.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20140405/9ef30e77/attachment.sig
More information about the Dropbear
mailing list