From: shridhar kalavagunta <coolshrid@hotmail.com>
Date: Sun, 4 Aug 2024 21:04:53 +0000 (-0500)
Subject: RAND_write_file(): Avoid potential file descriptor leak
X-Git-Tag: openssl-3.4.0-alpha1~105
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6048344398ec75996fee1f465abb61ab3aa377e;p=thirdparty%2Fopenssl.git

RAND_write_file(): Avoid potential file descriptor leak

If fdopen() call fails we need to close the fd. Also
return early as this is most likely some fatal error.

Fixes #25064

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25081)
---

diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 31edd4f5603..c120fa421c4 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -208,8 +208,16 @@ int RAND_write_file(const char *file)
          * should be restrictive from the start
          */
         int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600);
-        if (fd != -1)
+
+        if (fd != -1) {
             out = fdopen(fd, "wb");
+            if (out == NULL) {
+                close(fd);
+                ERR_raise_data(ERR_LIB_RAND, RAND_R_CANNOT_OPEN_FILE,
+                               "Filename=%s", file);
+                return -1;
+            }
+        }
     }
 #endif