Resolve RHEL SAST issues

Resolves: RHEL-44740
Ondřej Pohořelský 2024-11-06 12:18:26 +01:00
parent fb1c12a5bb
commit 41f81a8786
2 changed files with 67 additions and 0 deletions


@ -0,0 +1,64 @@
From dd6426f80011aa83a6b43f3ea592a1052690bc09 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Stan=C4=9Bk?= <jstanek@redhat.com>
Date: Wed, 26 Jun 2024 16:08:44 +0200
Subject: [PATCH] Do not leak file descriptors in backup_crontab
Originally, if anything went wrong during the backup,
the early return caused the crontab_file and possibly backup_file
pointers to leak.
Issue found by static scanner.
---
src/crontab.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/crontab.c b/src/crontab.c
index 5318e71..ec624c7 100644
--- a/src/crontab.c
+++ b/src/crontab.c
@@ -562,6 +562,7 @@ static int backup_crontab(const char *crontab_path) {
if (swap_uids() == -1) {
perror("swapping uids");
+ (void) fclose(crontab_file);
exit(ERROR_EXIT);
}
@@ -584,22 +585,29 @@ static int backup_crontab(const char *crontab_path) {
swapback:
if (swap_uids_back() < OK) {
perror("swapping uids back");
+ if (backup_file != NULL) {
+ (void) fclose(backup_file);
+ }
+ (void) fclose(crontab_file);
exit(ERROR_EXIT);
}
if (retval != 0)
- return retval;
+ goto cleanup;
if (EOF != ch)
while (EOF != (ch = get_char(crontab_file)))
putc(ch, backup_file);
- (void) fclose(crontab_file);
- (void) fclose(backup_file);
-
printf("Backup of %s's previous crontab saved to %s\n", User, backup_path);
- return 0;
+cleanup:
+ if (backup_file != NULL) {
+ (void) fclose(backup_file);
+ }
+ (void) fclose(crontab_file);
+
+ return retval;
}
static void check_error(const char *msg) {
--
2.47.0
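Review bot: In the second hunk of the embedded patch, the "Backup of ... saved" `printf` runs before `cleanup:` closes `backup_file`, and neither the `putc` loop nor `(void) fclose(backup_file)` checks for write errors, so a full disk or exceeded quota still reports success and returns 0 with a truncated backup. A check ahead of the `printf`, such as `if (ferror(backup_file) || fflush(backup_file) == EOF) { retval = -1; goto cleanup; }`, would route that case through the new cleanup path; the exact error value should follow whatever the callers of `backup_crontab` expect, which is not visible here. Separately, the new `backup_file != NULL` tests are only sound if `backup_file` is initialised to NULL at its declaration, which lies outside both hunks and is worth confirming. The body of `backup_crontab` begins before the first hunk.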


@ -14,6 +14,9 @@ Source0: https://github.com/cronie-crond/cronie/releases/download/cronie-%{ver
# https://github.com/cronie-crond/cronie/pull/163
Patch: n_option_wait_on_finnishing_grandchild_process.patch
# https://github.com/cronie-crond/cronie/pull/184
Patch: 0001-Do-not-leak-file-descriptors-in-backup_crontab.patch
Requires: dailyjobs
%if %{with selinux}