From 0f36146792c60b6759ef1fe2c0514ee536224142 Mon Sep 17 00:00:00 2001
From: Ken Raeburn
Date: Fri, 19 Oct 2001 02:09:54 +0000
Subject: [PATCH] Don't crash if .k[5]login file ownership is wrong. Patch from Emily Ratliff, ratliff@austin.ibm.com
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13822 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/clients/ksu/ChangeLog | 7 +++++++
 src/clients/ksu/authorization.c | 7 ++++---
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/clients/ksu/ChangeLog b/src/clients/ksu/ChangeLog
index 33ee0fa9a..1ef25fcdc 100644
--- a/src/clients/ksu/ChangeLog
+++ b/src/clients/ksu/ChangeLog
@@ -1,3 +1,10 @@
+2001-10-18 Ken Raeburn
+
+ Don't crash if .k[5]login file ownership is wrong. Patch from
+ Emily Ratliff, ratliff@austin.ibm.com.
+ * authorization.c (fowner): Don't close the file even on error.
+ (krb5_authorization): Close the file if fowner returns FALSE.
+
 2001-10-09 Ken Raeburn
 
 * authorization.c, heuristic.c, krb_auth_su.c, ksu.h, main.c: Make
diff --git a/src/clients/ksu/authorization.c b/src/clients/ksu/authorization.c
index f932368ea..8f6da689f 100644
--- a/src/clients/ksu/authorization.c
+++ b/src/clients/ksu/authorization.c
@@ -40,12 +40,10 @@ krb5_boolean fowner(fp, uid)
 * the user himself, or by root. Otherwise, don't grant access.
 */
 if (fstat(fileno(fp), &sbuf)) {
- fclose(fp);
 return(FALSE);
 }
 
 if ((sbuf.st_uid != uid) && sbuf.st_uid) {
- fclose(fp);
 return(FALSE);
 }
 
@@ -103,8 +101,10 @@ krb5_error_code krb5_authorization(context, principal, luser,
 if (!k5login_flag){
 if ((login_fp = fopen(k5login_path, "r")) == NULL)
 return 0;
- if ( fowner(login_fp, pwd->pw_uid) == FALSE)
+ if ( fowner(login_fp, pwd->pw_uid) == FALSE) {
+ fclose(login_fp);
 return 0;
+ }
 }
 
 if (!k5users_flag){
@@ -112,6 +112,7 @@ krb5_error_code krb5_authorization(context, principal, luser,
 return 0;
 }
 if ( fowner(users_fp, pwd->pw_uid) == FALSE){
+ fclose(users_fp);
 return 0;
 }
 }
-- 
2.26.2
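Review bot: In the `@@ -40,12 +40,10 @@` hunk, fowner() accepts the file on ownership alone: the visible checks compare only `sbuf.st_uid` with `uid` and root, and nothing shown looks at `sbuf.st_mode`. The function continues past the end of the hunk, so a mode check may exist there; if it does not, a .k5login or .k5users that is group- or world-writable, or is not a regular file, still passes, and a guard such as `if (!S_ISREG(sbuf.st_mode) || (sbuf.st_mode & (S_IWGRP | S_IWOTH))) return(FALSE);` would close that gap. Since the stream is now left open on every path, the comment above the checks should also say so, for example `/* fowner never closes fp; the caller must fclose() it on both TRUE and FALSE. */`.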
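Review bot: In the `@@ -112,6 +112,7 @@` hunk the new failure path closes `users_fp` but returns with `login_fp` still open whenever the `!k5login_flag` block of the `@@ -103,8 +101,10 @@` hunk opened it. The same appears to hold for the `return 0;` at the top of this hunk, which looks like the fopen-failure return for the users file, though its condition lies outside the hunk. Adding `if (!k5login_flag) fclose(login_fp);` before each of these returns keeps the descriptor from staying open for the rest of the process. Both returns also yield 0 without recording why, so a wrongly owned file is indistinguishable from a missing one unless the caller logs it; a syslog or stderr message at this point would make tampering with these files visible.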