From c24375a7ded40ccac59c4e9811c8deb614ee4f2b Mon Sep 17 00:00:00 2001 From: Conrad Meyer Date: Wed, 11 May 2016 18:03:51 +0000 Subject: [PATCH] whois(1): Fix potential double-close and logic mistakes Close the fd the poll error was detected on, rather than the last opened fd, to fix the double-close. Use -1 to make it explict which int variables no longer own socket file descriptors. Actually shrink, rather than grow, the poll timeout to match comment. Reported by: Coverity CID: 1304860, 1305616 Sponsored by: EMC / Isilon Storage Division --- usr.bin/whois/whois.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/usr.bin/whois/whois.c b/usr.bin/whois/whois.c index 6519f068286..8c775fa041a 100644 --- a/usr.bin/whois/whois.c +++ b/usr.bin/whois/whois.c @@ -316,6 +316,11 @@ connect_to_any_host(struct addrinfo *hostres) fds[i].fd = s; fds[i].events = POLLERR | POLLHUP | POLLIN | POLLOUT; + /* + * From here until a socket connects, the + * socket fd is owned by the fds[] poll array. + */ + s = -1; count++; i++; } else { @@ -357,7 +362,7 @@ connect_to_any_host(struct addrinfo *hostres) * after a new host have been added. */ if (timeout >= 3) - timeout <<= 1; + timeout >>= 1; break; } else if (n < 0) { @@ -377,7 +382,7 @@ connect_to_any_host(struct addrinfo *hostres) fds[j].revents == 0) continue; if (fds[j].revents & ~(POLLIN | POLLOUT)) { - close(s); + close(fds[j].fd); fds[j].fd = -1; fds[j].events = 0; count--; @@ -385,6 +390,7 @@ connect_to_any_host(struct addrinfo *hostres) } else if (fds[j].revents & (POLLIN | POLLOUT)) { /* Connect succeeded. */ s = fds[j].fd; + fds[j].fd = -1; goto done; } @@ -401,7 +407,7 @@ connect_to_any_host(struct addrinfo *hostres) done: /* Close all watched fds except the succeeded one */ for (j = 0; j < i; j++) - if (fds[j].fd != s && fds[j].fd != -1) + if (fds[j].fd != -1) close(fds[j].fd); free(fds); return (s);