libutil: pidfile_ functions may cause leaks
Kal
b17c0de at gmail.com
Tue Sep 2 10:30:08 UTC 2014
Hi,
If pidfile_write fails calling ftruncate or pwrite then pfh->pf_fd is
set to -1. This will cause pidfile_close and pidfile_remove to both
error out without actually freeing the pfh pointer. I have attached a
patch which will make pidfile_close and pidfile_remove always cause pfh
to be freed.
Thanks!
-------------- next part --------------
--- pidfile.c.orig 2014-09-02 12:08:38.000000000 +0200
+++ pidfile.c 2014-09-02 12:09:35.000000000 +0200
@@ -216,13 +216,10 @@
int error;
error = pidfile_verify(pfh);
- if (error != 0) {
- errno = error;
- return (-1);
+ if (error == 0) {
+ if (close(pfh->pf_fd) == -1)
+ error = errno;
}
-
- if (close(pfh->pf_fd) == -1)
- error = errno;
free(pfh);
if (error != 0) {
errno = error;
@@ -237,16 +234,13 @@
int error;
error = pidfile_verify(pfh);
- if (error != 0) {
- errno = error;
- return (-1);
- }
-
- if (unlink(pfh->pf_path) == -1)
- error = errno;
- if (close(pfh->pf_fd) == -1) {
- if (error == 0)
+ if (error == 0) {
+ if (unlink(pfh->pf_path) == -1)
error = errno;
+ if (close(pfh->pf_fd) == -1) {
+ if (error == 0)
+ error = errno;
+ }
}
if (freeit)
free(pfh);
More information about the freebsd-bugs
mailing list