cli/restore: gzerror() after gzclose_r() is a use after free

Calling gzerror() (indirectly via gzerror_str()) after gzclose_r is a
use after free, according to zlib's manual.

amended by db: tidied commit message

diff --git a/notmuch-restore.c b/notmuch-restore.c
index 9a8b7fb59b8c50e35cbf6c32fd6dc375c3dbf465..e2dc3d4550d548ac09f3892e7a6056826d6472a6 100644 (file)
--- a/notmuch-restore.c
+++ b/notmuch-restore.c
@@ -237,6 +237,7 @@ notmuch_restore_command (notmuch_config_t *config, int argc, char *argv[])
     int opt_index;
     int include = 0;
     int input_format = DUMP_FORMAT_AUTO;
     int opt_index;
     int include = 0;
     int input_format = DUMP_FORMAT_AUTO;

+    int errnum;

 
     if (notmuch_database_open (notmuch_config_get_database_path (config),
                               NOTMUCH_DATABASE_MODE_READ_WRITE, &notmuch))
 
     if (notmuch_database_open (notmuch_config_get_database_path (config),
                               NOTMUCH_DATABASE_MODE_READ_WRITE, &notmuch))


@@ -448,10 +449,13 @@ notmuch_restore_command (notmuch_config_t *config, int argc, char *argv[])
     if (notmuch)
        notmuch_database_destroy (notmuch);
 
     if (notmuch)
        notmuch_database_destroy (notmuch);
 

-    if (input && gzclose_r (input)) {
-       fprintf (stderr, "Error closing %s: %s\n",
-                name_for_error, gzerror_str (input));
-       ret = EXIT_FAILURE;
+    if (input) {
+       errnum = gzclose_r (input);
+       if (errnum) {
+           fprintf (stderr, "Error closing %s: %d\n",
+                    name_for_error, errnum);
+           ret = EXIT_FAILURE;
+       }

     }
 
     return ret ? EXIT_FAILURE : EXIT_SUCCESS;
     }
 
     return ret ? EXIT_FAILURE : EXIT_SUCCESS;