Date: Tue, 02 Sep 2014 12:30:04 +0200 From: Kal <b17c0de@gmail.com> To: freebsd-bugs@freebsd.org Subject: libutil: pidfile_ functions may cause leaks Message-ID: <54059C2C.9090204@gmail.com>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
Hi,
If pidfile_write fails calling ftruncate or pwrite then pfh->pf_fd is
set to -1. This will cause pidfile_close and pidfile_remove to both
error out without actually freeing the pfh pointer. I have attached a
patch which will make pidfile_close and pidfile_remove always cause pfh
to be freed.
Thanks!
[-- Attachment #2 --]
--- pidfile.c.orig 2014-09-02 12:08:38.000000000 +0200
+++ pidfile.c 2014-09-02 12:09:35.000000000 +0200
@@ -216,13 +216,10 @@
int error;
error = pidfile_verify(pfh);
- if (error != 0) {
- errno = error;
- return (-1);
+ if (error == 0) {
+ if (close(pfh->pf_fd) == -1)
+ error = errno;
}
-
- if (close(pfh->pf_fd) == -1)
- error = errno;
free(pfh);
if (error != 0) {
errno = error;
@@ -237,16 +234,13 @@
int error;
error = pidfile_verify(pfh);
- if (error != 0) {
- errno = error;
- return (-1);
- }
-
- if (unlink(pfh->pf_path) == -1)
- error = errno;
- if (close(pfh->pf_fd) == -1) {
- if (error == 0)
+ if (error == 0) {
+ if (unlink(pfh->pf_path) == -1)
error = errno;
+ if (close(pfh->pf_fd) == -1) {
+ if (error == 0)
+ error = errno;
+ }
}
if (freeit)
free(pfh);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54059C2C.9090204>