Hey,

it looks like in sshkey_save_public() the same fd will be closed twice
if the first fclose() returns something other than 0.

The patch below should make sure everything only gets closed once.
I moved the close() call and refactored a bit to improve readability.

Index: authfile.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/authfile.c,v
retrieving revision 1.142
diff -u -p -r1.142 authfile.c
--- authfile.c  1 Jan 2022 01:55:30 -0000       1.142
+++ authfile.c  10 May 2022 21:38:29 -0000
@@ -496,20 +496,25 @@ sshkey_save_public(const struct sshkey *
                return SSH_ERR_SYSTEM_ERROR;
        if ((f = fdopen(fd, "w")) == NULL) {
                r = SSH_ERR_SYSTEM_ERROR;
+               close(fd);
                goto fail;
        }
        if ((r = sshkey_write(key, f)) != 0)
                goto fail;
        fprintf(f, " %s\n", comment);
-       if (ferror(f) || fclose(f) != 0) {
+       if (ferror(f)) {
                r = SSH_ERR_SYSTEM_ERROR;
+               goto fail;
+       }
+       if (fclose(f) != 0) {
+               r = SSH_ERR_SYSTEM_ERROR;
+               f = NULL;
  fail:
-               oerrno = errno;
-               if (f != NULL)
+               if (f != NULL) {
+                       oerrno = errno;
                        fclose(f);
-               else
-                       close(fd);
-               errno = oerrno;
+                       errno = oerrno;
+               }
                return r;
        }
        return 0;
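Review bot: The added `close(fd)` in the fdopen() failure branch runs before errno is saved, and with f == NULL the reworked `fail:` block no longer saves and restores errno either, so a failing close() can overwrite the errno that fdopen() set. The removed code did preserve it, since `oerrno = errno` ran at `fail:` before either close call and `errno = oerrno` ran after. Callers that get SSH_ERR_SYSTEM_ERROR presumably read errno to report the cause, so the preservation should move to the new call site: `oerrno = errno; close(fd); errno = oerrno;`. sshkey_save_public() begins and ends outside this hunk.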
