[Openvpn-devel,7/8] Fix corner case that might lead to leaked file descriptor

Message ID 20221215190143.2107896-8-arne@rfc2549.org
State Accepted
Headers show
Series Improvement/fixes based on Trail of Bits audit | expand

Commit Message

Arne Schwabe Dec. 15, 2022, 7:01 p.m. UTC
Reported-By: Trail of Bits
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/openvpn/misc.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Gert Doering Dec. 16, 2022, 5:40 p.m. UTC | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

stare-at-code confirms that this is a simple-enough fix.

One could argue for moving the fclose(fp) up before the tangled if/else/...
construct, but this one will do and is easy enough to review "it will
not change anything except in case of error".

Your patch has been applied to the master, release/2.6 and release/2.5 branch.

commit a034dc8153522713c3cfda90b2cda114cea70e2d (master)
commit 03f990b4df00bfb2cb9aa93155420efa935011b5 (release/2.6)
commit 1ec71f4568e13f2876e6ec15f1efda530693d2e9 (release/2.5)
Author: Arne Schwabe
Date:   Thu Dec 15 20:01:42 2022 +0100

     Fix corner case that might lead to leaked file descriptor

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20221215190143.2107896-8-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25730.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index d78106cdc..551606e0e 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -258,6 +258,7 @@  get_user_pass_cr(struct user_pass *up,
                 msg(D_LOW, "No password found in %s authfile '%s'. Querying the management interface", prefix, auth_file);
                 if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge))
                 {
+                    fclose(fp);
                     return false;
                 }
             }