RAND_write_file(): Avoid potential file descriptor leak

If fdopen() call fails we need to close the fd. Also return early as this is most likely some fatal error. Fixes #25064 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25081)
2024-12-15 06:01:37 +08:00 · 2024-08-04 16:04:53 -05:00 · 2024-08-04 16:04:53 -05:00 · d604834439
commit d604834439
parent 4c37778a4e
1 changed files with 9 additions and 1 deletions
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@ -208,8 +208,16 @@ int RAND_write_file(const char *file)
         * should be restrictive from the start
         */
        int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600);
-        if (fd != -1)
+
+        if (fd != -1) {
            out = fdopen(fd, "wb");
+            if (out == NULL) {
+                close(fd);
+                ERR_raise_data(ERR_LIB_RAND, RAND_R_CANNOT_OPEN_FILE,
+                               "Filename=%s", file);
+                return -1;
+            }
+        }
    }
 #endif