The error case when lseek returns a negative value was not correctly handled, and the error cleanup routine was potentially leaking memory also. Signed-off-by: Alice J Mitchell <ajmitchell@xxxxxxxxxx> --- support/nfs/conffile.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/support/nfs/conffile.c b/support/nfs/conffile.c index b6400be..6ba8a35 100644 --- a/support/nfs/conffile.c +++ b/support/nfs/conffile.c @@ -500,7 +500,7 @@ conf_readfile(const char *path) if ((stat (path, &sb) == 0) || (errno != ENOENT)) { char *new_conf_addr = NULL; - size_t sz = sb.st_size; + off_t sz; int fd = open (path, O_RDONLY, 0); if (fd == -1) { @@ -517,6 +517,11 @@ conf_readfile(const char *path) /* only after we have the lock, check the file size ready to read it */ sz = lseek(fd, 0, SEEK_END); + if (sz < 0) { + xlog_warn("conf_readfile: unable to determine file size: %s", + strerror(errno)); + goto fail; + } lseek(fd, 0, SEEK_SET); new_conf_addr = malloc(sz+1); @@ -2162,6 +2167,7 @@ conf_write(const char *filename, const char *section, const char *arg, ret = 0; cleanup: + flush_outqueue(&inqueue, NULL); flush_outqueue(&outqueue, NULL); if (buff) -- 1.8.3.1