Fix potential close(-1) in cc_file.c
This commit is contained in:
		
							parent
							
								
									707673a505
								
							
						
					
					
						commit
						aa800df204
					
				
							
								
								
									
										30
									
								
								Fix-potential-close-1-in-cc_file.c.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										30
									
								
								Fix-potential-close-1-in-cc_file.c.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,30 @@ | ||||
| From b2002f8286c0f77e57c7387123328a31125cda2e Mon Sep 17 00:00:00 2001 | ||||
| From: Robbie Harwood <rharwood@redhat.com> | ||||
| Date: Thu, 18 Apr 2019 13:39:37 -0400 | ||||
| Subject: [PATCH] Fix potential close(-1) in cc_file.c | ||||
| 
 | ||||
| As part of error handling in d3b39a8bac6206b5ea78b0bf6a2958c1df0b0dd5, | ||||
| an error path in delete_cred() may result in close(-1).  While this | ||||
| shouldn't be a prolblem in practice (just returning EBADF), it does | ||||
| upset Coverity. | ||||
| 
 | ||||
| ticket: 8792 | ||||
| (cherry picked from commit 5ccfbaf2f0c8871d2f0ea87ad4b21cc33392ca2c) | ||||
| ---
 | ||||
|  src/lib/krb5/ccache/cc_file.c | 3 ++- | ||||
|  1 file changed, 2 insertions(+), 1 deletion(-) | ||||
| 
 | ||||
| diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
 | ||||
| index a3f67766e..bf58c1d45 100644
 | ||||
| --- a/src/lib/krb5/ccache/cc_file.c
 | ||||
| +++ b/src/lib/krb5/ccache/cc_file.c
 | ||||
| @@ -1122,7 +1122,8 @@ delete_cred(krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor,
 | ||||
|      } | ||||
|   | ||||
|  cleanup: | ||||
| -    close(fd);
 | ||||
| +    if (fd >= 0)
 | ||||
| +        close(fd);
 | ||||
|      zapfree(on_disk, expected.len); | ||||
|      k5_buf_free(&expected); | ||||
|      k5_buf_free(&overwrite); | ||||
| @ -18,7 +18,7 @@ Summary: The Kerberos network authentication system | ||||
| Name: krb5 | ||||
| Version: 1.17 | ||||
| # for prerelease, should be e.g., 0.% {prerelease}.1% { ?dist } (without spaces) | ||||
| Release: 11%{?dist} | ||||
| Release: 12%{?dist} | ||||
| 
 | ||||
| # lookaside-cached sources; two downloads and a build artifact | ||||
| Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}%{prerelease}.tar.gz | ||||
| @ -83,6 +83,7 @@ Patch110: Remove-Kerberos-v4-support-vestiges-from-ccapi.patch | ||||
| Patch111: Fix-config-realm-change-logic-in-FILE-remove_cred.patch | ||||
| Patch112: Remove-confvalidator-utility.patch | ||||
| Patch113: Remove-ovsec_adm_export-dump-format-support.patch | ||||
| Patch114: Fix-potential-close-1-in-cc_file.c.patch | ||||
| 
 | ||||
| License: MIT | ||||
| URL: http://web.mit.edu/kerberos/www/ | ||||
| @ -719,6 +720,9 @@ exit 0 | ||||
| %{_libdir}/libkadm5srv_mit.so.* | ||||
| 
 | ||||
| %changelog | ||||
| * Mon Apr 22 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-12 | ||||
| - Fix potential close(-1) in cc_file.c | ||||
| 
 | ||||
| * Wed Apr 17 2019 Robbie Harwood <rharwood@redhat.com> - 1.17-11 | ||||
| - Remove ovsec_adm_export and confvalidator | ||||
| 
 | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user