From 6be87e75afe2decd0391e639f997e420f47d9674 Mon Sep 17 00:00:00 2001
From: Karol Babioch <karol@babioch.de>
Date: Tue, 22 May 2018 17:22:02 +0200
Subject: [PATCH] Close file descriptors in case fdopen() fails

This makes sure that file descriptors will be closed, even if the
fdopen() call failes, which was overlooked in some cases beforehand.
Should be not an issue in the real world, but let's be as clean as
possible.
---
 pam_yubico.c | 4 +++-
 util.c       | 1 +
 ykpamcfg.c   | 1 +
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/pam_yubico.c b/pam_yubico.c
index f00168a..e128bd2 100644
--- a/pam_yubico.c
+++ b/pam_yubico.c
@@ -833,7 +833,9 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
                           if (file)
                             {
                               cfg->debug_file = file;
-                            }
+                            } else {
+			      close(fd);
+			    }
                         }
                     }
                 }
diff --git a/util.c b/util.c
index 56cb854..14f456b 100644
--- a/util.c
+++ b/util.c
@@ -203,6 +203,7 @@ int generate_random(void *buf, int len)
 
 	u = fdopen(fd, "r");
 	if (!u) {
+		close(fd);
 		return -1;
 	}
 
diff --git a/ykpamcfg.c b/ykpamcfg.c
index 7da818b..f5a4ece 100644
--- a/ykpamcfg.c
+++ b/ykpamcfg.c
@@ -258,6 +258,7 @@ do_add_hmac_chalresp(YK_KEY *yk, uint8_t slot, bool verbose, char *output_dir, u
   f = fdopen (fd, "w");
   if (! f) {
     fprintf (stderr, "fdopen: %s\n", strerror (errno));
+    close(fd);
     goto out;
   }