summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHolger Hans Peter Freyther <holger@moiji-mobile.com>2016-01-23 10:28:09 +0100
committerHolger Hans Peter Freyther <holger@moiji-mobile.com>2016-01-23 10:28:09 +0100
commitde76661cf34070e5e6278875b1c66f292e6b0fd3 (patch)
tree47f6d5cc2e38abddc1b00dfe432d646c444977a2
parentf9f44901a23e7f2b472a2e0987bd70df86b4271a (diff)
gtphub: Fix use after free on failure
Even if fclose fails the stream is inaccessible and the second fclose might cause memory violation. Linux manpage says: Upon successful completion 0 is returned. Otherwise, EOF is returned and errno is set to indicate the error. In either case any further access (including another call to fclose()) to the stream results in undefined behavior. Fixes: CID#57958
-rw-r--r--openbsc/src/gprs/gtphub_main.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/openbsc/src/gprs/gtphub_main.c b/openbsc/src/gprs/gtphub_main.c
index f56c44622..bfb0a3d9e 100644
--- a/openbsc/src/gprs/gtphub_main.c
+++ b/openbsc/src/gprs/gtphub_main.c
@@ -166,8 +166,10 @@ static uint8_t next_restart_count(const char *path)
goto failed_to_write;
if (fprintf(f, "%" PRIu8 "\n", counter) < 2)
goto failed_to_write;
- if (fclose(f))
+ if (fclose(f)) {
+ f = NULL;
goto failed_to_write;
+ }
umask(umask_was);