From 90a59a064b4f40194bbde55075792ce1bf9d3a1f Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Fri, 6 Dec 2019 23:06:57 -0600
Subject: [PATCH] krb5: Fix fcc_open() FD leak
---
 lib/krb5/fcache.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c
index 4ec98d883..a4139b0e5 100644
--- a/lib/krb5/fcache.c
+++ b/lib/krb5/fcache.c
@@ -412,10 +412,15 @@ fcc_open(krb5_context context,
 if ((flags & O_EXCL)) {
 flags &= ~O_EXCL;
+ /*
+ * FIXME Instead of mkostemp()... we could instead try to use a .new
+ * file... with care. Or the O_TMPFILE / linkat() extensions. We need
+ * a roken / heimbase abstraction for that.
+ */
 if (asprintf(&TMPFILENAME(id), "%s-XXXXXX", FILENAME(id)) < 0 || TMPFILENAME(id) == NULL) return krb5_enomem(context);
- if ((*fd_ret = mkostemp(TMPFILENAME(id), O_CLOEXEC)) == -1) {
+ if ((fd = mkostemp(TMPFILENAME(id), O_CLOEXEC)) == -1) {
 free(TMPFILENAME(id));
 TMPFILENAME(id) = NULL;
 krb5_set_error_message(context, ret = errno,
@@ -423,6 +428,7 @@ fcc_open(krb5_context context,
 FILENAME(id));
 return ret;
 }
+ goto out;
 }
 filename = TMPFILENAME(id) ? TMPFILENAME(id) : FILENAME(id);
@@ -535,6 +541,7 @@ again:
 #endif
 }
+out:
 if((ret = fcc_lock(context, id, fd, exclusive)) != 0) {
 close(fd);
 return ret;
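Review bot: In the mkostemp() failure branch, `errno` is read by `krb5_set_error_message(context, ret = errno,` only after `free(TMPFILENAME(id))` has run, and free() is not guaranteed to leave errno untouched on every libc this code may be built against. Capturing it first, with `ret = errno;` as the first statement of the branch and `ret` passed to the message call, keeps the reported error tied to the mkostemp() failure. The krb5_set_error_message() call continues past the end of this hunk.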
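Review bot: The `goto out;` added at the end of the `O_EXCL` branch jumps over everything between `filename = TMPFILENAME(id) ? ...` and the `out:` label, and most of that stretch lies outside the visible hunks, so nothing at the jump tells a reader that skipping it is deliberate. If the skipped code holds the open() call and checks on the opened file (inferred, not visible here), the jump deserves a comment stating why they do not apply, for example `/* mkostemp() just created this file exclusively; skip the open() and file checks below */`. That also warns anyone who later adds a check to the skipped region that the temp-file path will not run it.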
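Review bot: When `out:` is reached through the new `goto out;` and `fcc_lock()` fails, the branch only does `close(fd); return ret;`, so the file mkostemp() just created stays on disk and `TMPFILENAME(id)` still names it. The mkostemp() failure branch, by contrast, frees and clears `TMPFILENAME(id)`. Unless a caller outside this diff cleans up, the lock-failure path should unlink the file and reset `TMPFILENAME(id)`, but only when the file was created in this call, since `filename = TMPFILENAME(id) ? TMPFILENAME(id) : FILENAME(id);` shows later opens reuse that name. A local flag set just before `goto out;` would be enough to tell the two cases apart. The `if` body continues past the end of the hunk.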