Message ID | 20221215190143.2107896-8-arne@rfc2549.org |
---|---|
State | Accepted |
Headers | show |
Series | Improvement/fixes based on Trail of Bits audit | expand |
Acked-by: Gert Doering <gert@greenie.muc.de> stare-at-code confirms that this is a simple-enough fix. One could argue for moving the fclose(fp) up before the tangled if/else/... construct, but this one will do and is easy enough to review "it will not change anything except in case of error". Your patch has been applied to the master, release/2.6 and release/2.5 branch. commit a034dc8153522713c3cfda90b2cda114cea70e2d (master) commit 03f990b4df00bfb2cb9aa93155420efa935011b5 (release/2.6) commit 1ec71f4568e13f2876e6ec15f1efda530693d2e9 (release/2.5) Author: Arne Schwabe Date: Thu Dec 15 20:01:42 2022 +0100 Fix corner case that might lead to leaked file descriptor Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20221215190143.2107896-8-arne@rfc2549.org> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25730.html Signed-off-by: Gert Doering <gert@greenie.muc.de> -- kind regards, Gert Doering
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index d78106cdc..551606e0e 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -258,6 +258,7 @@ get_user_pass_cr(struct user_pass *up, msg(D_LOW, "No password found in %s authfile '%s'. Querying the management interface", prefix, auth_file); if (!auth_user_pass_mgmt(up, prefix, flags, auth_challenge)) { + fclose(fp); return false; } }
Reported-By: Trail of Bits Signed-off-by: Arne Schwabe <arne@rfc2549.org> --- src/openvpn/misc.c | 1 + 1 file changed, 1 insertion(+)