[krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp
Ken Raeburn via RT
rt-comment at krbdev.mit.edu
Fri Jul 25 13:43:40 EDT 2008
> Revision: 20543
> U trunk/src/lib/krb5/rcache/rc_io.c
It looks to me like, if strdup fails, the file is left open (which is probably okay if the caller then uses krb5_rc_close to dispose
of the handle, but may cause a file and file descriptor leak if the caller tries krb5_rc_io_creat again), and d->fn is a dangling
pointer (which could be freed again by krb5_rc_io_close).
More information about the krb5-bugs
mailing list