import from HEAD:

	otp_putfd(): add disconnect arg, to allow just mutex release, avoiding
	fd leak in radiusd and otpd
	otp_verify(): otp_putfd(fdp, 0) on successful return, otp_putfd(fdp, 1)
	on 2 error return cases that we missed

diff --git a/src/modules/rlm_otp/otp_pw_valid.c b/src/modules/rlm_otp/otp_pw_valid.c
index fb32028..ace31cc 100644 (file)
--- a/src/modules/rlm_otp/otp_pw_valid.c
+++ b/src/modules/rlm_otp/otp_pw_valid.c
@@ -218,15 +218,18 @@ retry:
     (void) radlog(L_AUTH, "rlm_otp: otpd reply for [%s] invalid "
                           "(version %d != 1)",
                   request->username, reply->version);
+    otp_putfd(fdp, 1);
     return -1;
   }
 
   if (reply->passcode[OTP_MAX_PASSCODE_LEN] != '\0') {
     (void) radlog(L_AUTH, "rlm_otp: otpd reply for [%s] invalid (passcode)",
                   request->username);
+    otp_putfd(fdp, 1);
     return -1;
   }
 
+  otp_putfd(fdp, 0);
   return reply->rc;
 }
 
@@ -247,13 +250,13 @@ otp_read(otp_fd_t *fdp, char *buf, size_t len)
       } else {
         (void) radlog(L_ERR, "rlm_otp: %s: read from otpd: %s",
                       __func__, strerror(errno));
-        otp_putfd(fdp);
+        otp_putfd(fdp, 1);
         return -1;
       }
     }
     if (!n) {
       (void) radlog(L_ERR, "rlm_otp: %s: otpd disconnect", __func__);
-      otp_putfd(fdp);
+      otp_putfd(fdp, 1);
       return 0;
     }
     nread += n;
@@ -279,7 +282,7 @@ otp_write(otp_fd_t *fdp, const char *buf, size_t len)
       } else {
         (void) radlog(L_ERR, "rlm_otp: %s: write to otpd: %s",
                       __func__, strerror(errno));
-        otp_putfd(fdp);
+        otp_putfd(fdp, 1);
         return errno;
       }
     }
@@ -366,12 +369,15 @@ otp_getfd(const otp_option_t *opt)
   return fdp;
 }
 
-/* disconnect from otpd */
+/* release fd, and optionally disconnect from otpd */
 static void
-otp_putfd(otp_fd_t *fdp)
+otp_putfd(otp_fd_t *fdp, int disconnect)
 {
-  (void) close(fdp->fd);
-  fdp->fd = -1;
+  if (disconnect) {
+    (void) close(fdp->fd);
+    fdp->fd = -1;
+  }
+
   /* make connection available to another thread */
   otp_pthread_mutex_unlock(&fdp->mutex);
 }

diff --git a/src/modules/rlm_otp/otp_pw_valid.h b/src/modules/rlm_otp/otp_pw_valid.h
index a89fb3a..110b245 100644 (file)
--- a/src/modules/rlm_otp/otp_pw_valid.h
+++ b/src/modules/rlm_otp/otp_pw_valid.h
@@ -40,6 +40,6 @@ static int otp_read(otp_fd_t *, char *, size_t);
 static int otp_write(otp_fd_t *, const char *, size_t);
 static int otp_connect(const char *);
 static otp_fd_t *otp_getfd(const otp_option_t *);
-static void otp_putfd(otp_fd_t *);
+static void otp_putfd(otp_fd_t *, int);
 
 #endif /* OTP_PW_VALID_H */