#1456 Attempt to close the same file stream twice
Closed: Fixed None Opened 8 years ago by sgallagh.

 348
CID 13025: Use after free (USE_AFTER_FREE)"fclose" frees "fstream".
 349    ret = fclose(fstream);
At conditional (1): "ret != 0" taking the true branch.
 350    if (ret != 0) {
 351        ret = errno;
At conditional (2): "debug_level & __debug_macro_newlevel" taking the true branch.
At conditional (3): "debug_timestamps" taking the true branch.
At conditional (4): "debug_microseconds" taking the true branch.
 352        DEBUG(SSSDBG_CRIT_FAILURE,
 353              ("fclose failed [%d][%s].\n", ret, strerror(ret)));
 354        goto done;
 355    }
 356    fstream = NULL;
 357
 358    ret = rename(tmp_file, mapping_file);
 359    if (ret == -1) {
 360        ret = errno;
 361        DEBUG(SSSDBG_CRIT_FAILURE,
 362              ("rename failed [%d][%s].\n", ret, strerror(ret)));
 363        goto done;
 364    }
 365
 366    talloc_zfree(tmp_file);
 367
 368    ret = chmod(mapping_file, 0644);
 369    if (ret == -1) {
 370        ret = errno;
 371        DEBUG(SSSDBG_CRIT_FAILURE,
 372              ("fchmod failed [%d][%s].\n", ret, strerror(ret)));
 373        goto done;
 374    }
 375
 376    ret = EOK;
 377done:
At conditional (5): "fstream" taking the true branch.
 378    if (fstream) {
Calling "fclose" dereferences freed pointer "fstream".
 379        err = fclose(fstream);
 380        if (err != 0) {
 381            err = errno;
 382            DEBUG(SSSDBG_CRIT_FAILURE,
 383                ("fclose failed [%d][%s].\n", err, strerror(err)));
 384            /* Nothing to do here, just report the failure */
 385        }
 386    }

Fields changed

owner: somebody => sgallagh
patch: 0 => 1
status: new => assigned

master: b1a8ecc

milestone: NEEDS_TRIAGE => SSSD 1.9.0 RC1
resolution: => fixed
status: assigned => closed

Fields changed

rhbz: => 0

Metadata Update from @sgallagh:
- Issue assigned to sgallagh
- Issue set to the milestone: SSSD 1.9.0 beta 7

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2498

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata