upstream: Make sure not to fclose() the same fd twice in case of an

error.

ok dtucker@

OpenBSD-Commit-ID: e384c4e05d5521e7866b3d53ca59acd2a86eef99

diff --git a/authfile.c b/authfile.c
index a399efc3e7382f42a1067f073d2521021e51df7a..9ed4f4c3a30dd286dab8995e210570dbb07ecf08 100644 (file)
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.142 2022/01/01 01:55:30 jsg Exp $ */
+/* $OpenBSD: authfile.c,v 1.143 2022/06/21 14:52:13 tobhe Exp $ */
 /*
  * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
  *
@@ -501,20 +501,25 @@ sshkey_save_public(const struct sshkey *key, const char *path,
                return SSH_ERR_SYSTEM_ERROR;
        if ((f = fdopen(fd, "w")) == NULL) {
                r = SSH_ERR_SYSTEM_ERROR;
+               close(fd);
                goto fail;
        }
        if ((r = sshkey_write(key, f)) != 0)
                goto fail;
        fprintf(f, " %s\n", comment);
-       if (ferror(f) || fclose(f) != 0) {
+       if (ferror(f)) {
                r = SSH_ERR_SYSTEM_ERROR;
+               goto fail;
+       }
+       if (fclose(f) != 0) {
+               r = SSH_ERR_SYSTEM_ERROR;
+               f = NULL;
  fail:
-               oerrno = errno;
-               if (f != NULL)
+               if (f != NULL) {
+                       oerrno = errno;
                        fclose(f);
-               else
-                       close(fd);
-               errno = oerrno;
+                       errno = oerrno;
+               }
                return r;
        }
        return 0;