- ftp: don't lose track of a descriptor on passive get when the server

fails to open a file
2008-02-25 19:50:42 +00:00 · 2008-02-25 19:50:42 +00:00 · 2cc4303bbc
commit 2cc4303bbc
parent a7d42c7b03
2 changed files with 73 additions and 0 deletions
--- a/krb5-1.6.3-ftp_fdleak.patch
+++ b/krb5-1.6.3-ftp_fdleak.patch
@ -0,0 +1,67 @@
+Don't open a new socket without closing a possibly already-open one. RT#5597.
+diff -uNr krb5/src/appl/gssftp/ftp/ftp.c krb5/src/appl/gssftp/ftp/ftp.c
+--- krb5/src/appl/gssftp/ftp/ftp.c
+++ krb5/src/appl/gssftp/ftp/ftp.c
+@@ -196,7 +196,7 @@ char *
+ hookup(char* host, int port)
+ {
+ 	register struct hostent *hp = 0;
+-	int s;
+	int s, t;
+ 	socklen_t len;
+ #ifdef IP_TOS
+ #ifdef IPTOS_LOWDELAY
+@@ -274,8 +274,13 @@ hookup(char* host, int port)
+ 	}
+ #endif
+ #endif
+#ifndef _WIN32
+	t = dup(s);
+#else
+	t = s;
+#endif
+ 	cin = FDOPEN_SOCKET(s, "r");
+-	cout = FDOPEN_SOCKET(s, "w");
+	cout = FDOPEN_SOCKET(t, "w");
+ 	if (cin == NULL || cout == NULL) {
+ 		fprintf(stderr, "ftp: fdopen failed.\n");
+ 		if (cin) {
+@@ -1448,6 +1453,8 @@
+ 	int a1,a2,a3,a4,p1,p2;
+ 
+ 	if (passivemode) {
+		if (data != INVALID_SOCKET)
+			(void) closesocket(data);
+ 		data = socket(AF_INET, SOCK_STREAM, 0);
+ 		if (data == INVALID_SOCKET) {
+ 			PERROR_SOCKET("ftp: socket");
+@@ -2366,4 +2371,16 @@ FILE* fdopen_socket(SOCKET s, char* mode
+ 
+ 	return f;
+ }
+#else
+/* Non-Win32 case takes the address of the variable so that we can "take
+ * ownership" of the descriptor number. */
+FILE* fdopen_socket(int *s, char* mode)
+{
+	FILE *fp;
+	fp = fdopen(*s, mode);
+	if (fp) {
+		*s = INVALID_SOCKET;
+	}
+	return fp;
+}
+ #endif /* _WIN32 */
+diff -up krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h
+--- krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h	2007-08-03 00:53:35.000000000 -0400
+++ krb5-1.3.4/src/appl/gssftp/ftp/ftp_var.h	2007-08-03 00:53:39.000000000 -0400
+@@ -48,7 +48,8 @@ FILE* fdopen_socket(SOCKET s, char* mode
+ #define PERROR_SOCKET(str) do { errno = SOCKET_ERRNO; perror(str); } while(0)
+ #else
+ #define FCLOSE_SOCKET(f) fclose(f)
+-#define FDOPEN_SOCKET(s, mode) fdopen(s, mode)
+FILE* fdopen_socket(int *s, char* mode);
+#define FDOPEN_SOCKET(s, mode) fdopen_socket(&s, mode)
+ #define SOCKETNO(fd) (fd)
+ #define PERROR_SOCKET(str) perror(str)
+ #endif
--- a/krb5.spec
+++ b/krb5.spec
@ -96,6 +96,7 @@ Patch68: krb5-trunk-spnego_delegation.patch
 Patch69: krb5-trunk-seqnum.patch
 Patch70: krb5-trunk-kpasswd_tcp2.patch
 Patch71: krb5-1.6.2-dirsrv-accountlock.patch
+Patch72: krb5-1.6.3-ftp_fdleak.patch

 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
@ -226,6 +227,10 @@ to obtain initial credentials from a KDC using a private key and a
 certificate.

 %changelog
+* Mon Feb 25 2008 Nalin Dahyabhai <nalin@redhat.com>
+- ftp: don't lose track of a descriptor on passive get when the server fails to
+  open a file
+
 * Mon Feb 25 2008 Nalin Dahyabhai <nalin@redhat.com>
 - in login, allow PAM to interact with the user when they've been strongly
  authenticated
@ -1309,6 +1314,7 @@ popd
 %patch69 -p0 -b .seqnum
 #%patch70 -p0 -b .kpasswd_tcp2
 %patch71 -p1 -b .dirsrv-accountlock
+%patch72 -p1 -b .ftp_fdleak
 cp src/krb524/README README.krb524
 gzip doc/*.ps