Fix double-close in ksu get_authorized_princ_names

If list_union() fails due to an allocation failure, then close_time()
will attempt to fclose users_fp and login_fp a second time.

This bug was originally introduced in commit
be95b52c2d0c21b1fe92f9f90166fc2fa8eecc95, and has been present in
every krb5 release since 1.1.

ticket: 8768 (new)
tags: pullup
target_version: 1.17
target_version: 1.16-next
target_version: 1.15-next

diff --git a/src/clients/ksu/heuristic.c b/src/clients/ksu/heuristic.c
index 0d055e471c54e63d7e0e152bc9da63a4b090d65e..3eb28abf01db131c270e0286a6a022e43387347f 100644 (file)
--- a/src/clients/ksu/heuristic.c
+++ b/src/clients/ksu/heuristic.c
@@ -266,7 +266,6 @@ get_authorized_princ_names(luser, cmd, princ_list)
 
     retval = list_union(k5login_list, k5users_filt_list, &combined_list);
     if (retval){
-        close_time(k5users_flag,users_fp, k5login_flag,login_fp);
         return retval;
     }
     *princ_list = combined_list;