[gentoo-commits] proj/portage-utils:master commit in: /

Mon, 26 Jan 2026 09:19:42 -0800 

commit:     9ad149db64f56e7573e4a9d269daf1cb8950352c
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Mon Jan 26 16:53:47 2026 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Mon Jan 26 16:53:47 2026 +0000
URL:        https://gitweb.gentoo.org/proj/portage-utils.git/commit/?id=9ad149db

gpkg: avoid potential descriptor leak, CID 557242

In the case we can open a file, but not stat it, we would not close fd.

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 qpkg.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/qpkg.c b/qpkg.c
index c2995a72..7ccfb206 100644
--- a/qpkg.c
+++ b/qpkg.c
@@ -557,9 +557,11 @@ qgpkg_make(tree_pkg_ctx *pkg, qpkg_cb_args *args)
                archive_write_header(a, entry);
                while ((len = read(fd, buf, sizeof(buf))) > 0)
                        archive_write_data(a, buf, (size_t)len);
-               close(fd);
                archive_entry_free(entry);
        }
+       if (fd >= 0)
+               close(fd);
+
        /* 3.2 the metadata archive metadata.tar${comp} */
        snprintf(buf, sizeof(buf), "%s/metadata.tar%s", tmpdir, filter);
        /* this must succeed, no? */
@@ -576,9 +578,11 @@ qgpkg_make(tree_pkg_ctx *pkg, qpkg_cb_args *args)
                archive_write_header(a, entry);
                while ((len = read(fd, buf, sizeof(buf))) > 0)
                        archive_write_data(a, buf, (size_t)len);
-               close(fd);
                archive_entry_free(entry);
        }
+       if (fd >= 0)
+               close(fd);
+
        /* 3.3 TODO: with gpgme write metadata signature */
        /* 3.4 the filesystem image archive image.tar${comp} */
        snprintf(buf, sizeof(buf), "%s/image.tar%s", tmpdir, filter);
@@ -596,9 +600,11 @@ qgpkg_make(tree_pkg_ctx *pkg, qpkg_cb_args *args)
                archive_write_header(a, entry);
                while ((len = read(fd, buf, sizeof(buf))) > 0)
                        archive_write_data(a, buf, (size_t)len);
-               close(fd);
                archive_entry_free(entry);
        }
+       if (fd >= 0)
+               close(fd);
+
        /* 3.5 TODO: with gpgme write image signature */
        /* 3.6 the package Manifest data file Manifest (clear-signed when
         * gpgme) */
@@ -617,9 +623,11 @@ qgpkg_make(tree_pkg_ctx *pkg, qpkg_cb_args *args)
                archive_write_header(a, entry);
                while ((len = read(fd, buf, sizeof(buf))) > 0)
                        archive_write_data(a, buf, (size_t)len);
-               close(fd);
                archive_entry_free(entry);
        }
+       if (fd >= 0)
+               close(fd);
+
        archive_write_close(a);
        archive_write_free(a);

Reply via email to