From 21249d8b89560e9a02e45bedf7090877716c8622 Mon Sep 17 00:00:00 2001
From: Donald Buczek
Date: Tue, 18 May 2021 16:10:18 +0200
Subject: [PATCH 1/2] get_shadow_line: Correctly detect socket() failure
---
 get_shadow_line.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/get_shadow_line.c b/get_shadow_line.c
index 8b80495..585528e 100644
--- a/get_shadow_line.c
+++ b/get_shadow_line.c
@@ -97,7 +97,7 @@ static int get_shadow_line(char *user, char **line) {
 if (SSL_CTX_load_verify_locations(ssl_ctx, "/etc/mxshadow.cert.pem", NULL) == 0) { psslerror("SSL_CTX_load_verify_locations"); return -1; }
 int sock = socket(AF_INET, SOCK_STREAM | SOCK_NONBLOCK, 0);
- if (sock == 0) { COMMON_LOG(LOG_ERR, "socket: %m"); return -1; }
+ if (sock == -1) { COMMON_LOG(LOG_ERR, "socket: %m"); return -1; }
 status = connect_with_timeout(sock, (struct sockaddr *)&sockaddr, sizeof(sockaddr), TIMEOUT);
 if (status == -1) { COMMON_LOG(LOG_ERR, "connect: %m"); return -1; }
From 56205e595c692d8ba621e68fdd2b11f301ded9cc Mon Sep 17 00:00:00 2001
From: Donald Buczek
Date: Tue, 18 May 2021 16:11:10 +0200
Subject: [PATCH 2/2] get_shadow_line: Don't leak socket
---
 get_shadow_line.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/get_shadow_line.c b/get_shadow_line.c
index 585528e..c984e80 100644
--- a/get_shadow_line.c
+++ b/get_shadow_line.c
@@ -96,7 +96,7 @@ static int get_shadow_line(char *user, char **line) {
 SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
 if (SSL_CTX_load_verify_locations(ssl_ctx, "/etc/mxshadow.cert.pem", NULL) == 0) { psslerror("SSL_CTX_load_verify_locations"); return -1; }
- int sock = socket(AF_INET, SOCK_STREAM | SOCK_NONBLOCK, 0);
+ int sock _cleanup_(free_fd) = socket(AF_INET, SOCK_STREAM | SOCK_NONBLOCK, 0);
 if (sock == -1) { COMMON_LOG(LOG_ERR, "socket: %m"); return -1; }
 status = connect_with_timeout(sock, (struct sockaddr *)&sockaddr, sizeof(sockaddr), TIMEOUT);
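Review bot: In patch 2/2 the new declaration `int sock _cleanup_(free_fd) = socket(...)` makes `free_fd` run on every exit from the scope, including the `sock == -1` return on the next line, so the handler has to ignore negative descriptors. Its definition is not in this hunk, so it is worth confirming it does something like `if (*fd >= 0) close(*fd);`. Any explicit `close(sock)` further down in get_shadow_line, whose body continues outside the hunk, would now become a double close, and in a multithreaded process that can close a descriptor another thread has just opened. Since the commit is about descriptor hygiene, the socket could also be created close-on-exec, `socket(AF_INET, SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC, 0)`, so a child that execs while the connection is open does not inherit it.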