6629735 file descriptor leak causes ipsecconf to core dump with many rules

6629812 ipsecconf can core dump when it can't open its internal policy file
author: pwernau <none@none> 2007-11-19 13:52:01 -0800
committer: pwernau <none@none> 2007-11-19 13:52:01 -0800
commit: 3abcb969a84282d264ee4b135cd8e228b9a21415 (patch)
tree: a1ee3b76e00fb46dd94c13ef2524eed5d0a0de78 /usr/src
parent: cee4d2b4c15c3051b6a16c97b77d71585cc663a2 (diff)
download: illumos-joyent-3abcb969a84282d264ee4b135cd8e228b9a21415.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecconf.c b/usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecconf.c
index 757b177158..fd6594cd41 100644
--- a/usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecconf.c
+++ b/usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecconf.c
@@ -640,6 +640,7 @@ fetch_algorithms()
 		 * to fail with a KGE_LEN error. This is not an error
 		 * condition, so we return nicely.
 		 */
+		(void) close(sfd);
 		return;
 	} else if (retval != 0) {
 		if (strlen(spdsock_diag_buf) != 0)
@@ -3113,9 +3114,10 @@ nuke_adds()
 	policy_fp = fopen(POLICY_CONF_FILE, "a");
 	if (policy_fp == NULL) {
 		warn(gettext("%s cannot be opened"), POLICY_CONF_FILE);
+	} else {
+		(void) fprintf(policy_fp, "\n\n");
+		(void) fflush(policy_fp);
 	}
-	(void) fprintf(policy_fp, "\n\n");
-	(void) fflush(policy_fp);
 
 	while (temp != NULL) {
 		(void) ipsec_conf_del(temp->index, B_TRUE);
author	pwernau <none@none>	2007-11-19 13:52:01 -0800
committer	pwernau <none@none>	2007-11-19 13:52:01 -0800
commit	3abcb969a84282d264ee4b135cd8e228b9a21415 (patch)
tree	a1ee3b76e00fb46dd94c13ef2524eed5d0a0de78 /usr/src
parent	cee4d2b4c15c3051b6a16c97b77d71585cc663a2 (diff)
download	illumos-joyent-3abcb969a84282d264ee4b135cd8e228b9a21415.tar.gz