Bug 1018890
Summary: | pluto leaks file descriptors | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Philipp Reisner <philipp.reisner> |
Component: | openswan | Assignee: | Paul Wouters <pwouters> |
Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.4 | CC: | eparis, lars.ellenberg |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-10-17 20:07:29 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Philipp Reisner
2013-10-14 15:42:13 UTC
The issue was fixed in pluto upstream. See commit: commit ef4d0f4a921afe1977a02d97a9bf1b48b8aad85e Author: Paul Wouters <paul> Date: Tue Aug 9 13:26:14 2011 -0400 * Fix closing fd in lib/libopenswan/oswconf.c [Avesh] Thank you for filing this report. I am going to propose this bug for 6.6. We are way past the time frame where this could be addressed in 6.5. (In reply to Eric Paris from comment #3) > Thank you for filing this report. I am going to propose this bug for 6.6. > We are way past the time frame where this could be addressed in 6.5. Honestly? That's an "obviously correct oneline patch"... ;) See: > https://github.com/xelerance/Openswan/commit/ef4d0f4a921afe1977a02d97a9bf1b48b8aad85e > > letoams authored 2 years ago > > Author: Paul Wouters <paul> > Date: Tue Aug 9 13:26:14 2011 -0400 > > * Fix closing fd in lib/libopenswan/oswconf.c [Avesh] > > diff --git a/lib/libopenswan/oswconf.c b/lib/libopenswan/oswconf.c > index 38ed558..63a748f 100644 > --- a/lib/libopenswan/oswconf.c > +++ b/lib/libopenswan/oswconf.c > @@ -199,42 +199,42 @@ secuPWData *osw_return_nss_password_file_info(void) > bool Pluto_IsFIPS(void) > { > char fips_flag[1]; > int n; > FILE *fd=fopen("/proc/sys/crypto/fips_enabled","r"); > > if(fd!=NULL) { > n = fread ((void *)fips_flag, 1, 1, fd); > if(n==1) { > if(fips_flag[0]=='1') { > fclose(fd); > return TRUE; > } > else { > openswan_log("Non-fips mode set in /proc/sys/crypto/fips_enabled"); > } > } else { > openswan_log("error in reading /proc/sys/crypto/fips_enabled, returning non-fips mode"); > } > + fclose(fd); > } > else { > openswan_log("Not able to open /proc/sys/crypto/fips_enabled, returning non-fips mode"); > - fclose(fd); > } > return FALSE; > } ... I agree it doesn't seem to make sense. But at this point in the RHEL development cycle the only code changes we can make are to fix regressions between 6.4 and 6.5. This does not meet that requirement and so must be queued for 6.6. I apologize for the delay and appreciate the report. *** This bug has been marked as a duplicate of bug 1020322 *** |