From: Jeff King <peff@peff.net>
Date: Tue, 5 Sep 2017 12:14:23 +0000 (-0400)
Subject: verify_signed_buffer: prefer close_tempfile() to close()
X-Git-Tag: v2.15.0-rc0~91^2~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d88ef6605120fd75be38376ba147623cf427bf73;p=thirdparty%2Fgit.git

verify_signed_buffer: prefer close_tempfile() to close()

We do a manual close() on the descriptor provided to us by
mks_tempfile. But this runs contrary to the advice in
tempfile.h, which notes that you should always use
close_tempfile(). Otherwise the descriptor may be reused
without the tempfile object knowing it, and the later call
to delete_tempfile() could close a random descriptor.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---

diff --git a/gpg-interface.c b/gpg-interface.c
index d936f3a32f..455b6c04b4 100644
--- a/gpg-interface.c
+++ b/gpg-interface.c
@@ -215,7 +215,7 @@ int verify_signed_buffer(const char *payload, size_t payload_size,
 		delete_tempfile(&temp);
 		return -1;
 	}
-	close(fd);
+	close_tempfile(&temp);
 
 	argv_array_pushl(&gpg.args,
 			 gpg_program,