From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 18 Dec 2018 20:18:13 +0000 (-0500)
Subject: Fix double-close in ksu get_authorized_princ_names
X-Git-Tag: krb5-1.15.5-final~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc87a96b29dd548b54eff6a1d0abc155a02fb497;p=thirdparty%2Fkrb5.git

Fix double-close in ksu get_authorized_princ_names

If list_union() fails due to an allocation failure, then close_time()
will attempt to fclose users_fp and login_fp a second time.

This bug was originally introduced in commit
be95b52c2d0c21b1fe92f9f90166fc2fa8eecc95, and has been present in
every krb5 release since 1.1.

(cherry picked from commit 0b8c6f3e1e8e561aa56a7d4e2171320119991dae)

ticket: 8768
version_fixed: 1.15.5
---

diff --git a/src/clients/ksu/heuristic.c b/src/clients/ksu/heuristic.c
index 0d055e471c..3eb28abf01 100644
--- a/src/clients/ksu/heuristic.c
+++ b/src/clients/ksu/heuristic.c
@@ -266,7 +266,6 @@ get_authorized_princ_names(luser, cmd, princ_list)
 
     retval = list_union(k5login_list, k5users_filt_list, &combined_list);
     if (retval){
-        close_time(k5users_flag,users_fp, k5login_flag,login_fp);
         return retval;
     }
     *princ_list = combined_list;