summaryrefslogtreecommitdiffstats
path: root/main/apk-tools/0004-package-don-t-leak-signing-key-file-fd.patch
blob: 818eeb1e799a397c15e81e5d81b999288abb9ef3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
From fe55da70741621f7bac2cd943b64cc13e25f9427 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Wed, 26 May 2010 14:30:08 +0300
Subject: [PATCH 4/5] package: don't leak signing key file fd

openssl BIO does not close the fd unless we explicitly tell it to
do so.
---
 src/package.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/package.c b/src/package.c
index b265468..b97c412 100644
--- a/src/package.c
+++ b/src/package.c
@@ -441,7 +441,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx,
 		if (fd < 0)
 			return 0;
 
-		bio  = BIO_new_fp(fdopen(fd, "r"), 0);
+		bio = BIO_new_fp(fdopen(fd, "r"), BIO_CLOSE);
 		ctx->signature.pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL);
 		if (ctx->signature.pkey != NULL) {
 			if (fi->name[6] == 'R')
-- 
1.7.1