#1456 Attempt to close the same file stream twice
Closed: Fixed None Opened 7 years ago by sgallagh.

 348
CID 13025: Use after free (USE_AFTER_FREE)"fclose" frees "fstream".
 349    ret = fclose(fstream);
At conditional (1): "ret != 0" taking the true branch.
 350    if (ret != 0) {
 351        ret = errno;
At conditional (2): "debug_level & __debug_macro_newlevel" taking the true branch.
At conditional (3): "debug_timestamps" taking the true branch.
At conditional (4): "debug_microseconds" taking the true branch.
 352        DEBUG(SSSDBG_CRIT_FAILURE,
 353              ("fclose failed [%d][%s].\n", ret, strerror(ret)));
 354        goto done;
 355    }
 356    fstream = NULL;
 357
 358    ret = rename(tmp_file, mapping_file);
 359    if (ret == -1) {
 360        ret = errno;
 361        DEBUG(SSSDBG_CRIT_FAILURE,
 362              ("rename failed [%d][%s].\n", ret, strerror(ret)));
 363        goto done;
 364    }
 365
 366    talloc_zfree(tmp_file);
 367
 368    ret = chmod(mapping_file, 0644);
 369    if (ret == -1) {
 370        ret = errno;
 371        DEBUG(SSSDBG_CRIT_FAILURE,
 372              ("fchmod failed [%d][%s].\n", ret, strerror(ret)));
 373        goto done;
 374    }
 375
 376    ret = EOK;
 377done:
At conditional (5): "fstream" taking the true branch.
 378    if (fstream) {
Calling "fclose" dereferences freed pointer "fstream".
 379        err = fclose(fstream);
 380        if (err != 0) {
 381            err = errno;
 382            DEBUG(SSSDBG_CRIT_FAILURE,
 383                ("fclose failed [%d][%s].\n", err, strerror(err)));
 384            /* Nothing to do here, just report the failure */
 385        }
 386    }

Fields changed

owner: somebody => sgallagh
patch: 0 => 1
status: new => assigned

master: b1a8ecc

milestone: NEEDS_TRIAGE => SSSD 1.9.0 RC1
resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @sgallagh:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.9.0 beta 7

2 years ago

Login to comment on this ticket.

Metadata