Fix use-after-free introduced in 0f21bdd0d7b2c45564ddb5a24bbebd530867bd54

Unlike typical fooFree() functions in rpm, Fclose() doesn't set the pointer to NULL so there's a use-after-free in checking for Ferror() that segfaults and stuff. Delay Fclose() until the end so we actually catch io errors too, that was another thing that went missing in commit 0f21bdd0d7b2c45564ddb5a24bbebd530867bd54 (although it would've probably caused an error via null digest instead)
author: Panu Matilainen <pmatilai@redhat.com> 2019-05-14 13:55:52 +0300
committer: Panu Matilainen <pmatilai@redhat.com> 2019-05-14 14:14:00 +0300
commit: 1b0aefbd82722e289164bc06153b908fba112399 (patch)
tree: 3b2d4c995c64fe2d6acb879c4b2a7bfd1811bf69 /rpmio/rpmfileutil.c
parent: 8deb9bb0ade358cafc47e8f9bf43142aa37c5296 (diff)
download: rpm-1b0aefbd82722e289164bc06153b908fba112399.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/rpmio/rpmfileutil.c b/rpmio/rpmfileutil.c
index 92aa8210b..bda97adf1 100644
--- a/rpmio/rpmfileutil.c
+++ b/rpmio/rpmfileutil.c
@@ -34,7 +34,6 @@ int rpmDoDigest(int algo, const char * fn,int asAscii, unsigned char * digest)
 	fdInitDigest(fd, algo, 0);
 	while ((rc = Fread(buf, sizeof(*buf), buflen, fd)) > 0) {};
 	fdFiniDigest(fd, algo, (void **)&dig, &diglen, asAscii);
-	Fclose(fd);
     }
 
     if (dig == NULL || Ferror(fd)) {
@@ -45,6 +44,7 @@ int rpmDoDigest(int algo, const char * fn,int asAscii, unsigned char * digest)
 
     dig = _free(dig);
     free(buf);
+    Fclose(fd);
 
     return rc;
 }
author	Panu Matilainen <pmatilai@redhat.com>	2019-05-14 13:55:52 +0300
committer	Panu Matilainen <pmatilai@redhat.com>	2019-05-14 14:14:00 +0300
commit	1b0aefbd82722e289164bc06153b908fba112399 (patch)
tree	3b2d4c995c64fe2d6acb879c4b2a7bfd1811bf69 /rpmio/rpmfileutil.c
parent	8deb9bb0ade358cafc47e8f9bf43142aa37c5296 (diff)
download	rpm-1b0aefbd82722e289164bc06153b908fba112399.tar.gz