From 01d57a744a9e275409c0fd4168971629e5903935 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= <pfilipensky@samba.org>
Date: Tue, 25 Jul 2023 11:16:56 +0200
Subject: [PATCH] s3:winbindd: Fix double close(fd)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Reported by Red Hat internal coverity

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15433

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Jul 25 12:08:49 UTC 2023 on atb-devel-224
---
 source3/winbindd/winbindd_cm.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 4aaa67521ee..0d0d4d41601 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -708,6 +708,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
 			 * connect to a foreign domain
 			 * without a direct outbound trust.
 			 */
+			close(sockfd);
 			return NT_STATUS_NO_TRUST_LSA_SECRET;
 		}
 
@@ -761,6 +762,13 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain,
 		goto done;
 	}
 
+	/*
+	 * cm_prepare_connection() is responsible that sockfd does not leak.
+	 * Once cli_state_create() returns with success, the
+	 * smbXcli_conn_destructor() makes sure that close(sockfd) is finally
+	 * called. Till that, close(sockfd) must be called on every unsuccessful
+	 * return.
+	 */
 	*cli = cli_state_create(NULL, sockfd, controller,
 				smb_sign_client_connections, flags);
 	if (*cli == NULL) {
@@ -1749,8 +1757,6 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain,
 		if (NT_STATUS_IS_OK(result)) {
 			break;
 		}
-		close(fd);
-		fd = -1;
 		if (!retry) {
 			break;
 		}
-- 
2.41.0