From 245a7edb055ca1e2bfeafb90595db8e147be613f Mon Sep 17 00:00:00 2001 From: Andriy Voskoboinyk Date: Fri, 8 Feb 2019 14:31:44 +0000 Subject: [PATCH] newkey(8): fix 'tmpname' memory leak (always) and input file descriptor leak when output file cannot be opened PR: 201732 Reported by: David Binderman MFC after: 1 week --- usr.bin/newkey/update.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/usr.bin/newkey/update.c b/usr.bin/newkey/update.c index 11a1db94261a..b6d18c47c954 100644 --- a/usr.bin/newkey/update.c +++ b/usr.bin/newkey/update.c @@ -266,11 +266,14 @@ localupdate(char *name, char *filename, u_int op, u_int keylen __unused, sprintf(tmpname, "%s.tmp", filename); rf = fopen(filename, "r"); if (rf == NULL) { - return (ERR_READ); + err = ERR_READ; + goto cleanup; } wf = fopen(tmpname, "w"); if (wf == NULL) { - return (ERR_WRITE); + fclose(rf); + err = ERR_WRITE; + goto cleanup; } err = -1; while (fgets(line, sizeof (line), rf)) { @@ -310,13 +313,18 @@ localupdate(char *name, char *filename, u_int op, u_int keylen __unused, fclose(rf); if (err == 0) { if (rename(tmpname, filename) < 0) { - return (ERR_DBASE); + err = ERR_DBASE; + goto cleanup; } } else { if (unlink(tmpname) < 0) { - return (ERR_DBASE); + err = ERR_DBASE; + goto cleanup; } } + +cleanup: + free(tmpname); return (err); }