From: Robbie Harwood <rharwood@redhat.com>
Date: Thu, 18 Apr 2019 17:39:37 +0000 (-0400)
Subject: Fix potential close(-1) in cc_file.c
X-Git-Tag: krb5-1.18-beta1~154
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5ccfbaf2f0c8871d2f0ea87ad4b21cc33392ca2c;p=thirdparty%2Fkrb5.git

Fix potential close(-1) in cc_file.c

As part of error handling in d3b39a8bac6206b5ea78b0bf6a2958c1df0b0dd5,
an error path in delete_cred() may result in close(-1).  While this
shouldn't be a prolblem in practice (just returning EBADF), it does
upset Coverity.

ticket: 8792
---

diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
index f0f1409f35..e78ac3a7fa 100644
--- a/src/lib/krb5/ccache/cc_file.c
+++ b/src/lib/krb5/ccache/cc_file.c
@@ -1122,7 +1122,8 @@ delete_cred(krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor,
     }
 
 cleanup:
-    close(fd);
+    if (fd >= 0)
+        close(fd);
     zapfree(on_disk, expected.len);
     k5_buf_free(&expected);
     k5_buf_free(&overwrite);