Closed Bug 1070493 Opened 10 years ago Closed 10 years ago

file descriptor leak in "secu_InitSlotPassword" in 'nss/cmd/lib/secutil.c'

Categories

(NSS :: Libraries, defect)

3.16.4
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED
3.17.3

People

(Reporter: sachingpt999, Unassigned)

Details

Attachments

(1 file)

File in which bug exists : nss/cmd/lib/secutil.c Function name in which bug exists: secu_InitSlotPassword The file descriptor 'input' has not been taken care of, when file descriptor 'output' is NULL and function terminates due to the return statement (line 293). Before calling return in 'output' NULL check, file descriptor input should be closed using fclose(). NSS 3.16.4 version code:: if (input == NULL) { PR_fprintf(PR_STDERR, "Error opening input terminal for read\n"); return NULL; } /* we have no password, so initialize database with one */ PR_fprintf(PR_STDERR, "Enter a password which will be used to encrypt your keys.\n" "The password should be at least 8 characters long,\n" "and should contain at least one non-alphabetic character.\n\n"); output = fopen(consoleName, "w"); if (output == NULL) { PR_fprintf(PR_STDERR, "Error opening output terminal for write\n"); return NULL; } Recommended code: if (input == NULL) { PR_fprintf(PR_STDERR, "Error opening input terminal for read\n"); return NULL; } /* we have no password, so initialize database with one */ PR_fprintf(PR_STDERR, "Enter a password which will be used to encrypt your keys.\n" "The password should be at least 8 characters long,\n" "and should contain at least one non-alphabetic character.\n\n"); output = fopen(consoleName, "w"); if (output == NULL) { PR_fprintf(PR_STDERR, "Error opening output terminal for write\n"); #ifndef _WINDOWS fclose(input); #endif return NULL; }
Attachment #8492584 - Flags: review?(kaie)
Reminder for bug and patch review.
Reminder for bug review.
Flags: needinfo?(ryan.sleevi)
Flags: needinfo?(rrelyea)
Comment on attachment 8492584 [details] [diff] [review] Patch for the above raised bug Review of attachment 8492584 [details] [diff] [review]: ----------------------------------------------------------------- r+ rrelyea
Attachment #8492584 - Flags: review?(kaie) → review+
Reminder for code change check in.
Reminder for code check in.
Flags: needinfo?(wtc)
Flags: needinfo?(kaie)
Thank you for your patch and the reminder! Checked in: https://hg.mozilla.org/projects/nss/rev/e982d1ffdca7
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Flags: needinfo?(wtc)
Flags: needinfo?(ryan.sleevi)
Flags: needinfo?(rrelyea)
Flags: needinfo?(kaie)
Resolution: --- → FIXED
Target Milestone: --- → 3.17.3
Target Milestone: 3.17.3 → 3.18
Comment on attachment 8492584 [details] [diff] [review] Patch for the above raised bug Review of attachment 8492584 [details] [diff] [review]: ----------------------------------------------------------------- ::: cmd/lib/secutil.c @@ +290,5 @@ > output = fopen(consoleName, "w"); > if (output == NULL) { > PR_fprintf(PR_STDERR, "Error opening output terminal for write\n"); > +#ifndef _WINDOWS > + fclose(input); It seems that the preexisting fclose(input) call at the end of secu_InitSlotPassword should also be put inside #ifndef _WINDOWS. Should we make that change?
Attachment #8492584 - Flags: review+
Target Milestone: 3.18 → 3.17.3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: