diff options
author | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2016-01-23 10:28:09 +0100 |
---|---|---|
committer | Holger Hans Peter Freyther <holger@moiji-mobile.com> | 2016-01-23 10:28:09 +0100 |
commit | de76661cf34070e5e6278875b1c66f292e6b0fd3 (patch) | |
tree | 47f6d5cc2e38abddc1b00dfe432d646c444977a2 | |
parent | f9f44901a23e7f2b472a2e0987bd70df86b4271a (diff) |
gtphub: Fix use after free on failure
Even if fclose fails the stream is inaccessible and the second fclose
might cause memory violation.
Linux manpage says:
Upon successful completion 0 is returned. Otherwise, EOF is returned
and errno is set to indicate the error. In either case any further
access (including another call to fclose()) to the stream results in
undefined behavior.
Fixes: CID#57958
-rw-r--r-- | openbsc/src/gprs/gtphub_main.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/openbsc/src/gprs/gtphub_main.c b/openbsc/src/gprs/gtphub_main.c index f56c44622..bfb0a3d9e 100644 --- a/openbsc/src/gprs/gtphub_main.c +++ b/openbsc/src/gprs/gtphub_main.c @@ -166,8 +166,10 @@ static uint8_t next_restart_count(const char *path) goto failed_to_write; if (fprintf(f, "%" PRIu8 "\n", counter) < 2) goto failed_to_write; - if (fclose(f)) + if (fclose(f)) { + f = NULL; goto failed_to_write; + } umask(umask_was); |