From de76661cf34070e5e6278875b1c66f292e6b0fd3 Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther
Date: Sat, 23 Jan 2016 10:28:09 +0100
Subject: gtphub: Fix use after free on failure
Even if fclose fails the stream is inaccessible and the second fclose might cause memory violation. Linux manpage says: Upon successful completion 0 is returned. Otherwise, EOF is returned and errno is set to indicate the error. In either case any further access (including another call to fclose()) to the stream results in undefined behavior.
Fixes: CID#57958
---
openbsc/src/gprs/gtphub_main.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'openbsc/src/gprs/gtphub_main.c')
diff --git a/openbsc/src/gprs/gtphub_main.c b/openbsc/src/gprs/gtphub_main.c
index f56c44622..bfb0a3d9e 100644
--- a/openbsc/src/gprs/gtphub_main.c
+++ b/openbsc/src/gprs/gtphub_main.c
@@ -166,8 +166,10 @@ static uint8_t next_restart_count(const char *path)
 goto failed_to_write;
 if (fprintf(f, "%" PRIu8 "\n", counter) < 2)
 goto failed_to_write;
- if (fclose(f))
+ if (fclose(f)) {
+ f = NULL;
 goto failed_to_write;
+ }
 umask(umask_was);
-- cgit v1.2.3
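Review bot: `f` is cleared only on the failing branch of `fclose(f)`, so after a successful close it still holds a stale stream pointer for the rest of next_restart_count. Clearing it unconditionally removes that asymmetry and keeps any later jump to a cleanup label from closing it a second time: with an `int rc` local, `rc = fclose(f); f = NULL; if (rc) goto failed_to_write;`. The fix also only works if the `failed_to_write` path tests `f` for NULL before closing it; that label is outside this hunk, so this should be confirmed there. A short comment at the assignment, such as `/* stream is invalid after fclose(), even on failure */`, would record why the pointer is dropped.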