bug-cvs

[bug #36276] Potential problem in parse_config() which may leak file des


From: Petr Pisar
Subject: [bug #36276] Potential problem in parse_config() which may leak file descriptor
Date: Wed, 25 Apr 2012 06:26:46 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0

Follow-up Comment #1, bug #36276 (project cvs):

All parse_config() calls do not check the return value, run_exec() does not
close unneeded descriptors and CVS_FOPEN does not set O_CLOEXEC, so there is
a possibility that an external command gets access to the CVS configuration file.

I think copying the final fclose() after the set_defaults_and_return label is
the best solution. A move is not enough because the non-error path would return
without closing the file.

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?36276>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/
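
Added example, not part of the original message and not CVS source: a small C program that reproduces the inheritance problem described in the comment and shows both remedies (fclose() on the error path, and the close-on-exec flag). The names are hypothetical, `/dev/null` stands in for the configuration file, and `FD_CLOEXEC` is set with fcntl() after fopen() rather than with `O_CLOEXEC` at open time.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical names; this models the pattern, it is not CVS source. */
enum handling { LEAK_FD, CLOSE_ON_ERROR, SET_CLOEXEC };

/* Open a file the way a config parser would, take the simulated error
 * path, then run an external command. Returns 1 if the command inherited
 * the descriptor, 0 if it did not, -1 on a setup error. */
static int child_inherits_fd(enum handling how)
{
    char cmd[32];
    int fd, status;
    pid_t pid;
    FILE *fp = fopen("/dev/null", "r");  /* constructed stand-in for the config file */

    if (fp == NULL)
        return -1;
    fd = fileno(fp);
    if (how == SET_CLOEXEC)              /* kernel closes the fd on exec */
        fcntl(fd, F_SETFD, FD_CLOEXEC);
    if (how == CLOSE_ON_ERROR) {         /* fclose() on the error path */
        fclose(fp);
        fp = NULL;
    }
    snprintf(cmd, sizeof cmd, ": <&%d", fd);  /* fails in sh if fd is not open */
    pid = (fd > 9) ? -1 : fork();        /* sh only guarantees single-digit fds */
    if (pid == 0) {
        close(STDERR_FILENO);            /* hide the shell's "bad fd" message */
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    if (fp != NULL)
        fclose(fp);                      /* tidy up the demo's own handle */
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("leak=%d close=%d cloexec=%d\n", child_inherits_fd(LEAK_FD),
           child_inherits_fd(CLOSE_ON_ERROR), child_inherits_fd(SET_CLOEXEC));
    return 0;
}
```

Only the leaked descriptor is visible to the child command; either remedy on its own removes it.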
