Re: [patch] httpd/src/modules/ssl/ssl_util_table.c - fd leak

Fri, 05 Feb 2010 18:18:26 -0800 

You are correct, but the patch isn't complete.  You should be calling
fclose on the FILE *.  Also, the table_write function has similar
bugs.  I spent some time consolidating the error handling, but
eventually just gave up.  (are these functions even used?)

2009/12/18 Igor Zinovik <[email protected]>:
>        Hello.
>
> Looks like a file descriptor leak?
>
> Index: ssl_util_table.c
> ===================================================================
> RCS file: /OpenBSD/src/usr.sbin/httpd/src/modules/ssl/ssl_util_table.c,v
> retrieving revision 1.6
> diff -u -r1.6 ssl_util_table.c
> --- ssl_util_table.c    2 Dec 2004 19:42:47 -0000       1.6
> +++ ssl_util_table.c    20 Jan 2010 20:13:22 -0000
> @@ -2401,6 +2401,7 @@
>     if (table_p == NULL) {
>         if (error_p != NULL)
>             *error_p = TABLE_ERROR_ALLOC;
> +       close(fd);
>         return NULL;
>     }
>  @@ -2409,6 +2410,7 @@
>     if (infile == NULL) {
>         if (error_p != NULL)
>             *error_p = TABLE_ERROR_OPEN;
> +       close(fd);
>         return NULL;
>     }
>  @@ -2420,6 +2422,7 @@
>             free_f(table_p);
>         else
>             free(table_p);
> +       close(fd);
>         return NULL;
>     }
>     table_p->ta_file_size = 0;
> @@ -2433,6 +2436,7 @@
>     if (table_p->ta_magic != TABLE_MAGIC) {
>         if (error_p != NULL)
>             *error_p = TABLE_ERROR_PNT;
> +       close(fd);
>         return NULL;
>     }
>  @@ -2442,6 +2446,7 @@
>         if (error_p != NULL)
>             *error_p = TABLE_ERROR_ALLOC;
>         table_p->ta_free(table_p);
> +       close(fd);
>         return NULL;
>     }
>  @@ -2451,6 +2456,7 @@
>             *error_p = TABLE_ERROR_READ;
>         table_p->ta_free(table_p->ta_buckets);
>         table_p->ta_free(table_p);
> +       close(fd);
>         return NULL;
>     }
>  @@ -2476,6 +2482,7 @@
>                     table_p->ta_free(entry_p);
>                 table_p->ta_free(table_p);
>                 /* the other table elements will not be freed */
> +               close(fd);
>                 return NULL;
>             }
>             if (fread(&entry, sizeof(struct table_shell_st), 1, infile) !=
> 1) {
> @@ -2486,6 +2493,7 @@
>                     table_p->ta_free(entry_p);
>                 table_p->ta_free(table_p);
>                 /* the other table elements will not be freed */
> +               close(fd);
>                 return NULL;
>             }
>  @@ -2498,6 +2506,7 @@
>                 table_p->ta_free(table_p->ta_buckets);
>                 table_p->ta_free(table_p);
>                 /* the other table elements will not be freed */
> +               close(fd);
>                 return NULL;
>             }
>             entry_p->te_key_size = entry.te_key_size;
> @@ -2517,6 +2526,7 @@
>                 table_p->ta_free(entry_p);
>                 table_p->ta_free(table_p);
>                 /* the other table elements will not be freed */
> +               close(fd);
>                 return NULL;
>             }

Reply via email to