Calling function lastlog_perform_login(), that currently is the only user of lastlog_openseek(), assumes no need for ressource cleanup in case the function returns an error. However, lastlog_openseek() leaves the already allocated file descriptor in place in case the following lseek() fails.
Reported by Coverity - CID 1191538.
---
Compile tested, applies against github.com/mkj/dropbear.git
---
loginrec.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/loginrec.c b/loginrec.c
index d6ec75f..00bd2dc 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -1344,6 +1344,7 @@ lastlog_openseek(struct logininfo *li, int *fd, int
filemode)
offset = (off_t) ((long)li->uid * sizeof(struct lastlog));
if ( lseek(*fd, offset, SEEK_SET) != offset ) {
+ close(*fd);
dropbear_log(LOG_WARNING, "lastlog_openseek:
%s->lseek(): %s",
lastlog_file, strerror(errno));
return 0;
--
1.8.3.2
signature.asc
Description: PGP signature
