In passwordFromFile, don't leak the open file after stat failures.
authorTom Lane <tgl@sss.pgh.pa.us>
Sun, 29 Sep 2024 17:40:03 +0000 (13:40 -0400)
committerTom Lane <tgl@sss.pgh.pa.us>
Sun, 29 Sep 2024 17:40:03 +0000 (13:40 -0400)
Oversight in e882bcae0.  Per Coverity.

src/interfaces/libpq/fe-connect.c

index d5a72587d24e62f9d359daaec6c10dbeab8fba55..4094bcbcf0f05cfc1c924589c5139f24f8675ada 100644 (file)
@@ -7482,13 +7482,17 @@ passwordFromFile(const char *hostname, const char *port, const char *dbname,
 
 #ifndef WIN32
        if (fstat(fileno(fp), &stat_buf) != 0)
+       {
+               fclose(fp);
                return NULL;
+       }
 
        if (!S_ISREG(stat_buf.st_mode))
        {
                fprintf(stderr,
                                libpq_gettext("WARNING: password file \"%s\" is not a plain file\n"),
                                pgpassfile);
+               fclose(fp);
                return NULL;
        }
 
@@ -7498,6 +7502,7 @@ passwordFromFile(const char *hostname, const char *port, const char *dbname,
                fprintf(stderr,
                                libpq_gettext("WARNING: password file \"%s\" has group or world access; permissions should be u=rw (0600) or less\n"),
                                pgpassfile);
+               fclose(fp);
                return NULL;
        }
 #else