From 8c718a8190eb0820b5e3891b4643c99da50d0c08 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Olivier=20Ta=C3=AFbi?= Date: Tue, 14 Apr 2020 19:36:27 +0200 Subject: [PATCH] cli/restore: gzerror() after gzclose_r() is a use after free Calling gzerror() (indirectly via gzerror_str()) after gzclose_r is a use after free, according to zlib's manual. amended by db: tidied commit message --- notmuch-restore.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/notmuch-restore.c b/notmuch-restore.c index 9a8b7fb5..e2dc3d45 100644 --- a/notmuch-restore.c +++ b/notmuch-restore.c @@ -237,6 +237,7 @@ notmuch_restore_command (notmuch_config_t *config, int argc, char *argv[]) int opt_index; int include = 0; int input_format = DUMP_FORMAT_AUTO; + int errnum; if (notmuch_database_open (notmuch_config_get_database_path (config), NOTMUCH_DATABASE_MODE_READ_WRITE, ¬much)) @@ -448,10 +449,13 @@ notmuch_restore_command (notmuch_config_t *config, int argc, char *argv[]) if (notmuch) notmuch_database_destroy (notmuch); - if (input && gzclose_r (input)) { - fprintf (stderr, "Error closing %s: %s\n", - name_for_error, gzerror_str (input)); - ret = EXIT_FAILURE; + if (input) { + errnum = gzclose_r (input); + if (errnum) { + fprintf (stderr, "Error closing %s: %d\n", + name_for_error, errnum); + ret = EXIT_FAILURE; + } } return ret ? EXIT_FAILURE : EXIT_SUCCESS; -- 2.45.2