fixes possible UAF for locktocken paths, if file could not be opened

2017-09-22

author
Mike Becker <universe@uap-core.de>
date
Fri, 22 Sep 2017 20:19:00 +0200 (2017-09-22)
changeset 313
d721250984d0
parent 309
8a474d2ad209
child 314
8722a668fb2a

fixes possible UAF for locktocken paths, if file could not be opened

dav/sync.c file | annotate | diff | comparison | revisions
--- a/dav/sync.c	Sun Sep 17 17:56:02 2017 +0200
+++ b/dav/sync.c	Fri Sep 22 20:19:00 2017 +0200
@@ -1862,13 +1862,14 @@
     free(fname.ptr);
     
     FILE *file = fopen(path, "w");
-    if(!file) {
+    if(file) {
+        fprintf(file, "%s\n", locktoken);
+        fclose(file);
+        return path;
+    } else {
         perror("Cannot create locktoken file");
         free(path);
+        return NULL;
     }
-    
-    fprintf(file, "%s\n", locktoken);
-    fclose(file);
-    return path;
 }
 

mercurial