projects / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 39a6cc6)
fix CVE-2007-5972: double fclose() in krb5_def_store_mkey()
authorTom Yu <tlyu@mit.edu>
Fri, 14 Dec 2007 04:38:42 +0000 (04:38 +0000)
committerTom Yu <tlyu@mit.edu>
Fri, 14 Dec 2007 04:38:42 +0000 (04:38 +0000)
ticket: 5857
target_version: 1.6.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20179 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/kdb/kdb_default.c patch | blob | history

diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
index 0e5880490eadb028c1fe3fbbbfc07c1008942a30..fd95c83793d981973a8ab809a2f101d48561d44b 100644 (file)
--- a/src/lib/kdb/kdb_default.c
+++ b/src/lib/kdb/kdb_default.c
@@ -186,8 +186,7 @@ krb5_def_store_mkey(context, keyfile, mname, key, master_pwd)
                kf) != key->length)) {
        retval = errno;
        (void) fclose(kf);
-    }
-    if (fclose(kf) == EOF)
+    } else if (fclose(kf) == EOF)
        retval = errno;
 #if HAVE_UMASK
     (void) umask(oumask);
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.