Don't fclose() the file twice in error-exit paths from get_content()

(was causing crashes on multipart mails with invalid Content-Type headers)

diff --git a/ChangeLog b/ChangeLog
index f4f94b9..7d02b8a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2005-11-06  Peter Maydell  <pmaydell@chiark.greenend.org.uk>
 
+       * Debian Bug# 245932, RedHat Bug# 172388: uip/mhparse.c: don't
+       crash when handling a multipart MIME message with an invalid
+       Content-Type header (file handle was being fclose()d twice).
+
        * sbr/Makefile.in: adjust lex command to work on both old and
        new versions of flex.
 

diff --git a/uip/mhparse.c b/uip/mhparse.c
index 0bb56da..c57e745 100644 (file)
--- a/uip/mhparse.c
+++ b/uip/mhparse.c
@@ -259,7 +259,6 @@ parse_mime (char *file)
     if (!(ct = get_content (fp, file, 1))) {
        if (is_stdin)
            unlink (file);
-       fclose (fp);
        advise (NULL, "unable to decode %s", file);
        return NULL;
     }
@@ -293,6 +292,7 @@ parse_mime (char *file)
  * toplevel =  0   # we are inside message type or multipart type
  *                 # other than multipart/digest
  * toplevel = -1   # we are inside multipart/digest
+ * NB: on failure we will fclose(in)!
  */
 
 static CT
@@ -1056,7 +1056,6 @@ next_part:
 
            if (!(p = get_content (fp, ct->c_file,
                        ct->c_subtype == MULTI_DIGEST ? -1 : 0))) {
-               fclose (ct->c_fp);
                ct->c_fp = NULL;
                return NOTOK;
            }
@@ -1285,7 +1284,6 @@ invalid_param:
                fseek (fp = ct->c_fp, ct->c_begin, SEEK_SET);
 
                if (!(p = get_content (fp, ct->c_file, 0))) {
-                   fclose (ct->c_fp);
                    ct->c_fp = NULL;
                    return NOTOK;
                }