Commit 049665fd authored by Natanael Copa's avatar Natanael Copa

main/apk-tools: fix fd leak

parent ed22a255
From fe55da70741621f7bac2cd943b64cc13e25f9427 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Wed, 26 May 2010 14:30:08 +0300
Subject: [PATCH] package: don't leak signing key file fd
openssl BIO does not close the fd unless we explicitly tell it to
do so.
---
src/package.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/package.c b/src/package.c
index b265468..b97c412 100644
--- a/src/package.c
+++ b/src/package.c
@@ -441,7 +441,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
if (fd < 0)
return 0;
- bio = BIO_new_fp(fdopen(fd, "r"), 0);
+ bio = BIO_new_fp(fdopen(fd, "r"), BIO_CLOSE);
ctx->signature.pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
if (ctx->signature.pkey != NULL) {
if (fi->name[6] == 'R')
--
1.7.1
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=apk-tools
pkgver=2.0.2
pkgrel=1
pkgrel=2
pkgdesc="Alpine Package Keeper - package manager for alpine"
subpackages="$pkgname-static"
depends=
makedepends="zlib-dev openssl-dev pkgconfig"
source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2
info-segfault.patch
0001-package-don-t-leak-signing-key-file-fd.patch
"
......@@ -45,4 +46,5 @@ static() {
}
md5sums="c87cb88f90eb8d7021d37e3b5386863d apk-tools-2.0.2.tar.bz2
aeab86a00119f9945edd6d3c3a8bb9c1 info-segfault.patch"
aeab86a00119f9945edd6d3c3a8bb9c1 info-segfault.patch
ac2ddef3f82f700c9eb536a54050cca6 0001-package-don-t-leak-signing-key-file-fd.patch"
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment