[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #36276] Potential problem in parse_config() which may leak file des
From: |
Petr Pisar |
Subject: |
[bug #36276] Potential problem in parse_config() which may leak file descriptor |
Date: |
Wed, 25 Apr 2012 06:26:46 +0000 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0 |
Follow-up Comment #1, bug #36276 (project cvs):
All parse_config() calls do not check return value, run_exec() does not close
unneeded descriptors and CVS_FOPEN does not set O_CLOEXEC, so there is
possibility external command gets access to CVS configuration file.
I think copying final fclose() after set_defaults_and_return label is the
best
solution. Move is not enough because the non-error path would return without
closing the file.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?36276>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/