From: Alan T. DeKok <aland@freeradius.org>
Date: Sun, 17 Feb 2013 18:32:03 +0000 (-0500)
Subject: Fix race condition in conf file
X-Git-Tag: release_2_2_1~163
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47317e77d90e6ec634e1b608068d71256e5b9b4e;p=thirdparty%2Ffreeradius-server.git

Fix race condition in conf file

Closes Coverity #720457
---

diff --git a/src/main/conffile.c b/src/main/conffile.c
index a6e5584059d..d57c53f7000 100644
--- a/src/main/conffile.c
+++ b/src/main/conffile.c
@@ -1844,9 +1844,17 @@ int cf_file_include(const char *filename, CONF_SECTION *cs)
 
 	DEBUG2( "including configuration file %s", filename);
 
+	fp = fopen(filename, "r");
+	if (!fp) {
+		radlog(L_ERR|L_CONS, "Unable to open file \"%s\": %s",
+		       filename, strerror(errno));
+		return -1;
+	}
+
 	if (stat(filename, &statbuf) == 0) {
 #ifdef S_IWOTH
 		if ((statbuf.st_mode & S_IWOTH) != 0) {
+			fclose(fp);
 			radlog(L_ERR|L_CONS, "Configuration file %s is globally writable.  Refusing to start due to insecure configuration.",
 			       filename);
 			return -1;
@@ -1855,6 +1863,7 @@ int cf_file_include(const char *filename, CONF_SECTION *cs)
 
 #ifdef S_IROTH
 		if (0 && (statbuf.st_mode & S_IROTH) != 0) {
+			fclose(fp);
 			radlog(L_ERR|L_CONS, "Configuration file %s is globally readable.  Refusing to start due to insecure configuration.",
 			       filename);
 			return -1;
@@ -1862,13 +1871,6 @@ int cf_file_include(const char *filename, CONF_SECTION *cs)
 #endif
 	}
 
-	fp = fopen(filename, "r");
-	if (!fp) {
-		radlog(L_ERR|L_CONS, "Unable to open file \"%s\": %s",
-		       filename, strerror(errno));
-		return -1;
-	}
-
 	if (cf_data_find_internal(cs, filename, PW_TYPE_FILENAME)) {
 		fclose(fp);
 		radlog(L_ERR, "Cannot include the same file twice: \"%s\"",