From 41f81a8786d9d97a3765b1be304f5c00cc65b247 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Poho=C5=99elsk=C3=BD?=
Date: Wed, 6 Nov 2024 12:18:26 +0100
Subject: [PATCH] Resolve RHEL SAST issues

Resolves: RHEL-44740
---
 ...k-file-descriptors-in-backup_crontab.patch | 64 +++++++++++++++++++
 cronie.spec | 3 +
 2 files changed, 67 insertions(+)
 create mode 100644 0001-Do-not-leak-file-descriptors-in-backup_crontab.patch

diff --git a/0001-Do-not-leak-file-descriptors-in-backup_crontab.patch b/0001-Do-not-leak-file-descriptors-in-backup_crontab.patch
new file mode 100644
index 0000000..ed8bee7
--- /dev/null
+++ b/0001-Do-not-leak-file-descriptors-in-backup_crontab.patch
@@ -0,0 +1,64 @@
+From dd6426f80011aa83a6b43f3ea592a1052690bc09 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jan=20Stan=C4=9Bk?=
+Date: Wed, 26 Jun 2024 16:08:44 +0200
+Subject: [PATCH] Do not leak file descriptors in backup_crontab
+
+Originally, if anything went wrong during the backup,
+the early return caused the crontab_file and possibly backup_file
+pointers to leak.
+
+Issue found by static scanner.
+---
+ src/crontab.c | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/src/crontab.c b/src/crontab.c
+index 5318e71..ec624c7 100644
+--- a/src/crontab.c
++++ b/src/crontab.c
+@@ -562,6 +562,7 @@ static int backup_crontab(const char *crontab_path) {
+ 
+ if (swap_uids() == -1) {
+ perror("swapping uids");
++ (void) fclose(crontab_file);
+ exit(ERROR_EXIT);
+ }
+ 
+@@ -584,22 +585,29 @@ static int backup_crontab(const char *crontab_path) {
+ swapback:
+ if (swap_uids_back() < OK) {
+ perror("swapping uids back");
++ if (backup_file != NULL) {
++ (void) fclose(backup_file);
++ }
++ (void) fclose(crontab_file);
+ exit(ERROR_EXIT);
+ }
+ 
+ if (retval != 0)
+- return retval;
++ goto cleanup;
+ 
+ if (EOF != ch)
+ while (EOF != (ch = get_char(crontab_file)))
+ putc(ch, backup_file);
+ 
+- (void) fclose(crontab_file);
+- (void) fclose(backup_file);
+-
+ printf("Backup of %s's previous crontab saved to %s\n", User, backup_path);
+ 
+- return 0;
++cleanup:
++ if (backup_file != NULL) {
++ (void) fclose(backup_file);
++ }
++ (void) fclose(crontab_file);
++
++ return retval;
+ }
+ 
+ static void check_error(const char *msg) {
+-- 
+2.47.0
+
diff --git a/cronie.spec b/cronie.spec
index fc4df93..7683c34 100644
--- a/cronie.spec
+++ b/cronie.spec
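Review bot: In the second inner hunk, the `cleanup:` path still discards the result of `fclose(backup_file)`, so a write error that only surfaces when the stream is flushed at close (disk full, I/O error) is never reported, while the `printf("Backup of %s's previous crontab saved to %s\n", ...)` just before the label has already announced success and `retval` is still 0 on that path; the user is then told a backup exists that may be incomplete. `backup_file` appears to be the write side (the copy loop does `putc(ch, backup_file)`, also unchecked), though its fopen is outside the hunk. Suggest closing the backup before the success message and treating a failed close as a failure, e.g. `if (backup_file != NULL && fclose(backup_file) != 0) { perror("closing backup file"); retval = /* the function's failure value, assigned outside the hunk */; }`, leaving the `crontab_file` close as it is. The `fclose(crontab_file)` calls added before `exit(ERROR_EXIT)` in both inner hunks are harmless but functionally redundant, since process exit releases the descriptors; a comment such as `/* explicit close only to satisfy static analysis; exit() would release it anyway */` would save the next reader the question. backup_crontab starts before the hunk, and since this patch is nested inside a newly added .patch file, the points apply to src/crontab.c once it is applied.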
@@ -14,6 +14,9 @@ Source0: https://github.com/cronie-crond/cronie/releases/download/cronie-%{ver
 # https://github.com/cronie-crond/cronie/pull/163
 Patch: n_option_wait_on_finnishing_grandchild_process.patch
+# https://github.com/cronie-crond/cronie/pull/184
+Patch: 0001-Do-not-leak-file-descriptors-in-backup_crontab.patch
+
 Requires: dailyjobs
 %if %{with selinux}