Blame SOURCES/0007-Fix-file-descriptor-leak-when-executing-CA-helpers.patch
|
 |
ac6aa4 |
From f9c774f737a060b355533c215d7443b9865992a0 Mon Sep 17 00:00:00 2001
|
|
|
ac6aa4 |
From: Rob Crittenden <rcritten@redhat.com>
|
|
|
ac6aa4 |
Date: Thu, 12 Aug 2021 16:26:09 -0400
|
|
|
ac6aa4 |
Subject: [PATCH] Fix file descriptor leak when executing CA helpers
|
|
|
ac6aa4 |
|
|
|
ac6aa4 |
cm_cadata_start_generic() creates a pipe. One half is passed
|
|
|
ac6aa4 |
to fetch(), the function that does all helper calls,
|
|
|
ac6aa4 |
via the cm_cadata_state variable ret. The other half is the
|
|
|
ac6aa4 |
reader and is used to detect execution errors. There is a pair
|
|
|
ac6aa4 |
of write/read on this descriptor which on error would be the
|
|
|
ac6aa4 |
errno.
|
|
|
ac6aa4 |
|
|
|
ac6aa4 |
This second half wasn't being closed after reading to test for
|
|
|
ac6aa4 |
errors.
|
|
|
ac6aa4 |
|
|
|
ac6aa4 |
https://bugzilla.redhat.com/show_bug.cgi?id=1992439
|
|
|
ac6aa4 |
|
|
|
ac6aa4 |
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
|
|
|
ac6aa4 |
---
|
|
|
ac6aa4 |
src/cadata.c | 2 ++
|
|
|
ac6aa4 |
1 file changed, 2 insertions(+)
|
|
|
ac6aa4 |
|
|
|
ac6aa4 |
diff --git a/src/cadata.c b/src/cadata.c
|
|
|
ac6aa4 |
index 3e916c9..d851b9e 100644
|
|
|
ac6aa4 |
--- a/src/cadata.c
|
|
|
ac6aa4 |
+++ b/src/cadata.c
|
|
|
ac6aa4 |
@@ -772,8 +772,10 @@ cm_cadata_start_generic(struct cm_store_ca *ca, const char *op,
|
|
|
ac6aa4 |
cm_log(1, "Error running enrollment helper \"%s\": %s.\n",
|
|
|
ac6aa4 |
ca->cm_ca_external_helper, strerror(u));
|
|
|
ac6aa4 |
talloc_free(ret);
|
|
|
ac6aa4 |
+ close(error_fd[0]);
|
|
|
ac6aa4 |
return NULL;
|
|
|
ac6aa4 |
}
|
|
|
ac6aa4 |
+ close(error_fd[0]);
|
|
|
ac6aa4 |
return ret;
|
|
|
ac6aa4 |
}
|
|
|
ac6aa4 |
|
|
|
ac6aa4 |
--
|
|
|
ac6aa4 |
2.31.1
|
|
|
ac6aa4 |
|