wget/src-warc.c-warc_write_start_record-Fix-potential-RES.patch

From 8b451f9f21cc1b00d1a08116b542fb7bd7589405 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Fri, 3 Aug 2018 16:19:20 +0200
Subject: [PATCH 21/83] * src/warc.c (warc_write_start_record): Fix potential
 RESOURCE LEAK

In warc_write_start_record() function, the reutrn value of dup() is
directly used in gzdopen() call and not stored anywhere. However the
zlib documentation says that "The duplicated descriptor should be saved
to avoid a leak, since gzdopen does not close fd if it fails." [1].
This change stores the FD in a variable and closes it in case gzopen()
fails.

[1] https://www.zlib.net/manual.html

Error: RESOURCE_LEAK (CWE-772):
wget-1.19.5/src/warc.c:217: open_fn: Returning handle opened by "dup".
wget-1.19.5/src/warc.c:217: leaked_handle: Failing to save or close handle opened by "dup(fileno(warc_current_file))" leaks it.
\#  215|
\#  216|         /* Start a new GZIP stream. */
\#  217|->       warc_current_gzfile = gzdopen (dup (fileno (warc_current_file)), "wb9");
\#  218|         warc_current_gzfile_uncompressed_size = 0;
\#  219|

Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
 src/warc.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/warc.c b/src/warc.c
index 3482cf3b..5ebd04d7 100644
--- a/src/warc.c
+++ b/src/warc.c
@@ -203,6 +203,7 @@ warc_write_start_record (void)
   /* Start a GZIP stream, if required. */
   if (opt.warc_compression_enabled)
     {
+      int dup_fd;
       /* Record the starting offset of the new record. */
       warc_current_gzfile_offset = ftello (warc_current_file);
 
@@ -214,13 +215,23 @@ warc_write_start_record (void)
       fflush (warc_current_file);
 
       /* Start a new GZIP stream. */
-      warc_current_gzfile = gzdopen (dup (fileno (warc_current_file)), "wb9");
+      dup_fd = dup (fileno (warc_current_file));
+      if (dup_fd < 0)
+        {
+          logprintf (LOG_NOTQUIET,
+_("Error duplicating WARC file file descriptor.\n"));
+          warc_write_ok = false;
+          return false;
+        }
+
+      warc_current_gzfile = gzdopen (dup_fd, "wb9");
       warc_current_gzfile_uncompressed_size = 0;
 
       if (warc_current_gzfile == NULL)
         {
           logprintf (LOG_NOTQUIET,
 _("Error opening GZIP stream to WARC file.\n"));
+          close (dup_fd);
           warc_write_ok = false;
           return false;
         }
-- 
2.19.1
Package init 2019-09-30 11:19:50 -04:00			`From 8b451f9f21cc1b00d1a08116b542fb7bd7589405 Mon Sep 17 00:00:00 2001`
			`From: Tomas Hozza <thozza@redhat.com>`
			`Date: Fri, 3 Aug 2018 16:19:20 +0200`
			`Subject: [PATCH 21/83] * src/warc.c (warc_write_start_record): Fix potential`
			`RESOURCE LEAK`

			`In warc_write_start_record() function, the reutrn value of dup() is`
			`directly used in gzdopen() call and not stored anywhere. However the`
			`zlib documentation says that "The duplicated descriptor should be saved`
			`to avoid a leak, since gzdopen does not close fd if it fails." [1].`
			`This change stores the FD in a variable and closes it in case gzopen()`
			`fails.`

			`[1] https://www.zlib.net/manual.html`

			`Error: RESOURCE_LEAK (CWE-772):`
			`wget-1.19.5/src/warc.c:217: open_fn: Returning handle opened by "dup".`
			`wget-1.19.5/src/warc.c:217: leaked_handle: Failing to save or close handle opened by "dup(fileno(warc_current_file))" leaks it.`
			`\# 215\|`
			`\# 216\| /* Start a new GZIP stream. */`
			`\# 217\|-> warc_current_gzfile = gzdopen (dup (fileno (warc_current_file)), "wb9");`
			`\# 218\| warc_current_gzfile_uncompressed_size = 0;`
			`\# 219\|`

			`Signed-off-by: Tomas Hozza <thozza@redhat.com>`
			`---`
			`src/warc.c \| 13 ++++++++++++-`
			`1 file changed, 12 insertions(+), 1 deletion(-)`

			`diff --git a/src/warc.c b/src/warc.c`
			`index 3482cf3b..5ebd04d7 100644`
			`--- a/src/warc.c`
			`+++ b/src/warc.c`
			`@@ -203,6 +203,7 @@ warc_write_start_record (void)`
			`/* Start a GZIP stream, if required. */`
			`if (opt.warc_compression_enabled)`
			`{`
			`+ int dup_fd;`
			`/* Record the starting offset of the new record. */`
			`warc_current_gzfile_offset = ftello (warc_current_file);`

			`@@ -214,13 +215,23 @@ warc_write_start_record (void)`
			`fflush (warc_current_file);`

			`/* Start a new GZIP stream. */`
			`- warc_current_gzfile = gzdopen (dup (fileno (warc_current_file)), "wb9");`
			`+ dup_fd = dup (fileno (warc_current_file));`
			`+ if (dup_fd < 0)`
			`+ {`
			`+ logprintf (LOG_NOTQUIET,`
			`+_("Error duplicating WARC file file descriptor.\n"));`
			`+ warc_write_ok = false;`
			`+ return false;`
			`+ }`
			`+`
			`+ warc_current_gzfile = gzdopen (dup_fd, "wb9");`
			`warc_current_gzfile_uncompressed_size = 0;`

			`if (warc_current_gzfile == NULL)`
			`{`
			`logprintf (LOG_NOTQUIET,`
			`_("Error opening GZIP stream to WARC file.\n"));`
			`+ close (dup_fd);`
			`warc_write_ok = false;`
			`return false;`
			`}`
			`--`
			`2.19.1`