certmonger

#218 Fix file descriptor leak when executing CA helpers
Merged by rcritten. Opened by rcritten.
rcritten/certmonger bz1992439  into  master

cm_cadata_start_generic() creates a pipe. One half is passed
to fetch(), the function that does all helper calls,
via the cm_cadata_state variable ret. The other half is the
reader and is used to detect execution errors. There is a pair
of write/read on this descriptor which on error would be the
errno.

This second half wasn't being closed after reading to test for
errors.

https://bugzilla.redhat.com/show_bug.cgi?id=1992439

Signed-off-by: Rob Crittenden rcritten@redhat.com

rebased onto b4c090d2e12956a2df6157592839936adf4024f4

I've had an install running for two weeks now, no leaks. In fact, before the patch the number of open fds was something like 166. Now it is 8. I think this is resolved.

I did some last-minute double-checking by adding in a SCEP CA and confirming that its capabilities and certificates were retrieved and the fingerprints were calculated.

Pull-Request has been merged by rcritten
Metadata
None
No Tags
Changes Summary 1
+1 -0
file changed
src/cadata.c
Static archive. pagure.io was sunset in 2026; this is a read-only snapshot.
Red Hat Logo

Fedora is sponsored by Red Hat. Learn more about the relationship between Red Hat and Fedora »

© Red Hat, Inc. and others.