fix several security vulnerabilities found by iDEFENSE in fcronsighup

(close fcron.allow and fcron.deny files after use)

diff --git a/allow.c b/allow.c
index 20ab4c1b576cdb3fc24872e2eca36c75bdced2fa..555712be7dc02827afa2869752b85b9a17512b59 100644 (file)
--- a/allow.c
+++ b/allow.c
@@ -22,7 +22,7 @@
  *  `LICENSE' that comes with the fcron source distribution.
  */
 
- /* $Id: allow.c,v 1.13 2003-12-25 22:52:55 thib Exp $ */
+ /* $Id: allow.c,v 1.14 2004-11-13 19:44:01 thib Exp $ */
 
 #include "fcrontab.h"
 
@@ -56,12 +56,17 @@ in_file(char *str, char *file)
            continue;
        remove_blanks(start);
 
-       if ( strcmp(str, start) == 0 )
+       if ( strcmp(str, start) == 0 ) {
+           fclose(f);
            return 1;
-       if ( strcmp(start, "all") == 0 )
+       }
+       if ( strcmp(start, "all") == 0 ) {
+           fclose(f);
            return 2;
+       }
     }
 
+    fclose(f);
     /* if execution gets here, string is not in file */
     return 0;