diff options
author | Chris Engel <cjengel@us.ibm.com> | 2017-10-13 13:23:11 -0400 |
---|---|---|
committer | Chris Engel <cjengel@us.ibm.com> | 2017-10-16 11:56:44 -0400 |
commit | b6e26e7823f56647618827d20667cf2dcc2087e8 (patch) | |
tree | 44e75c806838d9eacf1b5d9bd311167b1623b5e5 | |
parent | 150657872f176a12059fc969a9b3b8c3b907ade5 (diff) | |
download | sb-signing-framework-b6e26e7823f56647618827d20667cf2dcc2087e8.tar.gz sb-signing-framework-b6e26e7823f56647618827d20667cf2dcc2087e8.zip |
Fix file descriptor leakage
-rw-r--r-- | src/signframework/dropbox_utils.c | 4 | ||||
-rw-r--r-- | src/signframework/framework_utils.c | 5 | ||||
-rw-r--r-- | src/signframework/utils.c | 12 |
3 files changed, 16 insertions, 5 deletions
diff --git a/src/signframework/dropbox_utils.c b/src/signframework/dropbox_utils.c index d12ef12..5b59cfc 100644 --- a/src/signframework/dropbox_utils.c +++ b/src/signframework/dropbox_utils.c @@ -253,7 +253,6 @@ int processEvent(FrameworkConfig *frameworkConfig, struct inotify_event *i, char* filename = NULL; DropboxRequest request; - File_OpenMessageFile(frameworkConfig->outputBodyFilename, "w"); if (verbose) displayInotifyEvent(i); @@ -269,6 +268,9 @@ int processEvent(FrameworkConfig *frameworkConfig, struct inotify_event *i, // Ignore anything but a request.go file pos = strstr(i->name, ".request.go"); if (pos != NULL) { + // Open message file here, will be closed after request processing + File_OpenMessageFile(frameworkConfig->outputBodyFilename, "w"); + dropboxRequestInit(&request, frameworkConfig); request.dbConfig = db; request.event = i; diff --git a/src/signframework/framework_utils.c b/src/signframework/framework_utils.c index 7c90968..e88b553 100644 --- a/src/signframework/framework_utils.c +++ b/src/signframework/framework_utils.c @@ -1906,8 +1906,8 @@ int Password_KDF(unsigned char *eku, /* preallocated 16 bytes, 128 bits */ unsigned char initialization_vector[IV_SIZE]; unsigned char *cleartext = NULL; /* freed @1 */ unsigned char *ciphertext = NULL; /* freed @2 */ - long cleartext_length; - long ciphertext_length; + long cleartext_length = 0; + long ciphertext_length = 0; /* cannot modify 'sender', so make a copy. The NUL terminator will be replaced by the 0,1,2 */ if (rc == 0) { @@ -2365,6 +2365,7 @@ int CallSigner(Arguments *arguments, parent */ else { + File_CloseMessageFile(); /* NOTE: From here down, no printing to messageFile until child returns. */ /* parent waits for the child signer program to complete. The call to wait() gets the return code for the exec'ed child process */ diff --git a/src/signframework/utils.c b/src/signframework/utils.c index 6edd0cc..0d95cbf 100644 --- a/src/signframework/utils.c +++ b/src/signframework/utils.c @@ -99,8 +99,16 @@ int File_Open(FILE **file, if (rc == 0) { *file = fopen(filename, mode); if (*file == NULL) { - if (verbose) fprintf(messageFile, "File_Open: Error opening %s for %s, %s\n", + if (verbose) { + // Check to make sure we aren't attempting to reroute the message file + if (file != &messageFile) { + fprintf(messageFile, "File_Open: Error opening %s for %s, %s\n", filename, mode, strerror(errno)); + } else { + fprintf(stderr, "File_Open: Error opening %s for %s, %s\n", + filename, mode, strerror(errno)); + } + } rc = ERROR_CODE; } } @@ -135,12 +143,12 @@ int File_OpenMessageFile(const char *outputBodyFilename, } /* if the open failed */ else { + messageFile = stdout; fprintf(messageFile, "File_OpenMessageFile: Error cannot open %s\n", outputBodyFilename); /* Since the configuration is validated at startup, this should never fail. The only possibilty is that something happened to the platform while the framework was running. No email can be returned and messages go to stdout. */ - messageFile= stdout; rc = RESPONSE_NO_EMAIL; } return rc; |