Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by krbdev.mit.edu (8.12.9) with ESMTP id m6PJsho4023298; Fri, 25 Jul 2008 15:54:43 -0400 (EDT) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id m6PJsbC7013930 for ; Fri, 25 Jul 2008 15:54:37 -0400 (EDT) Received: from cathode-dark-space.mit.edu (CATHODE-DARK-SPACE.MIT.EDU [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id m6PJsaKt013151 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Fri, 25 Jul 2008 15:54:37 -0400 (EDT) Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9.20060308) id m6PJsa40007974; Fri, 25 Jul 2008 15:54:36 -0400 (EDT) To: rt@krbdev.mit.edu Subject: Re: [krbdev.mit.edu #6002] krb5_rc_io_creat should use mkstemp References: From: Tom Yu Date: Fri, 25 Jul 2008 15:54:36 -0400 In-Reply-To: (Ken Raeburn via's message of "Fri, 25 Jul 2008 13:43:40 -0400 (EDT)") Message-ID: Lines: 12 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Scanned-BY: MIMEDefang 2.42 X-Spam-Flag: NO X-Spam-Score: 0.00 RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 525 "Ken Raeburn via RT" writes: >> Revision: 20543 >> U trunk/src/lib/krb5/rcache/rc_io.c > > It looks to me like, if strdup fails, the file is left open (which > is probably okay if the caller then uses krb5_rc_close to dispose of > the handle, but may cause a file and file descriptor leak if the > caller tries krb5_rc_io_creat again), and d->fn is a dangling > pointer (which could be freed again by krb5_rc_io_close). That looks like a pre-existing bug. You could open a new ticket for it.