From: Olivier Taïbi <oli@olitb.net>
Date: Tue, 14 Apr 2020 17:36:27 +0000 (+0200)
Subject: cli/restore: gzerror() after gzclose_r() is a use after free
X-Git-Tag: archive/debian/0.30_rc0-1~51
X-Git-Url: https://git.cworth.org/git?p=notmuch;a=commitdiff_plain;h=8c718a8190eb0820b5e3891b4643c99da50d0c08

cli/restore: gzerror() after gzclose_r() is a use after free

Calling gzerror() (indirectly via gzerror_str()) after gzclose_r is a
use after free, according to zlib's manual.

amended by db: tidied commit message
---

diff --git a/notmuch-restore.c b/notmuch-restore.c
index 9a8b7fb5..e2dc3d45 100644
--- a/notmuch-restore.c
+++ b/notmuch-restore.c
@@ -237,6 +237,7 @@ notmuch_restore_command (notmuch_config_t *config, int argc, char *argv[])
     int opt_index;
     int include = 0;
     int input_format = DUMP_FORMAT_AUTO;
+    int errnum;
 
     if (notmuch_database_open (notmuch_config_get_database_path (config),
 			       NOTMUCH_DATABASE_MODE_READ_WRITE, &notmuch))
@@ -448,10 +449,13 @@ notmuch_restore_command (notmuch_config_t *config, int argc, char *argv[])
     if (notmuch)
 	notmuch_database_destroy (notmuch);
 
-    if (input && gzclose_r (input)) {
-	fprintf (stderr, "Error closing %s: %s\n",
-		 name_for_error, gzerror_str (input));
-	ret = EXIT_FAILURE;
+    if (input) {
+	errnum = gzclose_r (input);
+	if (errnum) {
+	    fprintf (stderr, "Error closing %s: %d\n",
+		     name_for_error, errnum);
+	    ret = EXIT_FAILURE;
+	}
     }
 
     return ret ? EXIT_FAILURE : EXIT_SUCCESS;