commit f762ea1631dfa737f21c7d9a8036c95fddeae692
from: Stefan Sperling <stsp@stsp.name>
via: Thomas Adam <thomas@xteddy.org>
date: Mon Jun 23 17:28:04 2025 UTC

plug a file descriptor leak in the gotsysd libexec process

commit - 01b6b6f8d2c07fa268809963409885e9d224b346
commit + f762ea1631dfa737f21c7d9a8036c95fddeae692
blob - 156666bf66fc9c6047015be78b05d579669ba07e
blob + a9f801243fe0f3232af577fb8cdcfc0cadbb2442
--- gotsysd/helpers.c
+++ gotsysd/helpers.c
@@ -106,6 +106,8 @@ free_proc(struct gotsysd_helper_proc *proc)
 		close(proc->iev.ibuf.fd);
 	}
 
+	if (proc->fd != -1)
+		close(proc->fd);
 	free(proc);
 }
 
@@ -754,13 +756,13 @@ start_helper_child(const char *argv0, const char *argv
 	const struct got_error *err = NULL;
 	struct gotsysd_helper_proc *proc;
 	struct timeval tv = { 5, 0 };
-	int fd = -1;
 
 	proc = calloc(1, sizeof(*proc));
 	if (proc == NULL) {
 		err = got_error_from_errno("calloc");
 		goto done;
 	}
+	proc->fd = -1;
 
 	log_debug("starting %s", argv0);
 
@@ -773,8 +775,8 @@ start_helper_child(const char *argv0, const char *argv
 	proc->type = imsg->hdr.type;
 	switch (proc->type) {
 	case GOTSYSD_IMSG_START_PROG_READ_CONF:
-		fd = imsg_get_fd(imsg);
-		if (fd == -1) {
+		proc->fd = imsg_get_fd(imsg);
+		if (proc->fd == -1) {
 			err = got_error(GOT_ERR_PRIVSEP_NO_FD);
 			goto done;
 		}
@@ -783,7 +785,7 @@ start_helper_child(const char *argv0, const char *argv
 		break;
 	}
 
-	proc->pid = start_child(argv0, argv1, argv2, proc->pipe[1], fd);
+	proc->pid = start_child(argv0, argv1, argv2, proc->pipe[1], proc->fd);
 	proc->pipe[1] = -1;
 	strlcpy(proc->progname, argv0, sizeof(proc->progname));
 
@@ -811,8 +813,11 @@ start_helper_child(const char *argv0, const char *argv
 	evtimer_set(&proc->startup_tmo, proc_startup_timeout, proc);
 	evtimer_add(&proc->startup_tmo, &tv);
 done:
-	if (err)
+	if (err) {
+		if (proc->fd != -1)
+			close(proc->fd);
 		free(proc);
+	}
 	return err;
 }