From ff125797e38c9628ae1308973231660a22563309 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Tue, 19 Nov 2013 11:48:02 +0000
Subject: 	* libc/posix/closedir.c: Fix use after free. 	Remove useless
 test dd_fd != -1 	* libc/posix/readdir.c: Remove useless test dd_fd ==
 -1 	* libc/posix/readdir_r.c: Ditto.

---
 newlib/ChangeLog              |  7 +++++++
 newlib/libc/posix/closedir.c  | 16 +++++-----------
 newlib/libc/posix/readdir.c   |  3 ---
 newlib/libc/posix/readdir_r.c |  5 -----
 4 files changed, 12 insertions(+), 19 deletions(-)

diff --git a/newlib/ChangeLog b/newlib/ChangeLog
index dc1b1e7fb..16e648df3 100644
--- a/newlib/ChangeLog
+++ b/newlib/ChangeLog
@@ -1,3 +1,10 @@
+2013-11-19  Terraneo Federico  <fede.tft@hotmail.it>
+
+	* libc/posix/closedir.c: Fix use after free.
+	Remove useless test dd_fd != -1
+	* libc/posix/readdir.c: Remove useless test dd_fd == -1
+	* libc/posix/readdir_r.c: Ditto.
+
 2013-11-18  Sahil Patnayakuni  <sahilp@oarcorp.com>
 
 	* libc/include/stdio.h, libc/machine/powerpc/vfscanf.c,
diff --git a/newlib/libc/posix/closedir.c b/newlib/libc/posix/closedir.c
index 634f5ad12..7801da043 100644
--- a/newlib/libc/posix/closedir.c
+++ b/newlib/libc/posix/closedir.c
@@ -52,25 +52,19 @@ int
 _DEFUN(closedir, (dirp),
        register DIR *dirp)
 {
-	int fd, rc;
+	int rc;
 
 #ifdef HAVE_DD_LOCK
 	__lock_acquire_recursive(dirp->dd_lock);
 #endif
-	rc = 0;
-	fd = dirp->dd_fd;
-	if (fd != -1) {
-		dirp->dd_fd = -1;
-		dirp->dd_loc = 0;
-		(void)free((void *)dirp->dd_buf);
-		(void)free((void *)dirp);
-		rc = close(fd);
-		_cleanupdir(dirp);
-	}
+	rc = close(dirp->dd_fd);
+	_cleanupdir(dirp);
+	free((void *)dirp->dd_buf);
 #ifdef HAVE_DD_LOCK
 	__lock_release_recursive(dirp->dd_lock);
 	__lock_close_recursive(dirp->dd_lock);
 #endif
+	free((void *)dirp);
 	return rc;
 }
 
diff --git a/newlib/libc/posix/readdir.c b/newlib/libc/posix/readdir.c
index d3187e603..3e620e328 100644
--- a/newlib/libc/posix/readdir.c
+++ b/newlib/libc/posix/readdir.c
@@ -53,9 +53,6 @@ _DEFUN(readdir, (dirp),
 #ifdef HAVE_DD_LOCK
   __lock_acquire_recursive(dirp->dd_lock);
 #endif
-
-  if (dirp->dd_fd == -1)
-    return NULL;
  
   for (;;) {
     if (dirp->dd_loc == 0) {
diff --git a/newlib/libc/posix/readdir_r.c b/newlib/libc/posix/readdir_r.c
index eafbeca6a..1d526e309 100644
--- a/newlib/libc/posix/readdir_r.c
+++ b/newlib/libc/posix/readdir_r.c
@@ -60,11 +60,6 @@ struct dirent *tmpdp;
 #ifdef HAVE_DD_LOCK
   __lock_acquire_recursive(dirp->dd_lock);
 #endif
-
-  if (dirp->dd_fd == -1) {
-    *dpp = NULL;
-    return errno = EBADF;
-  }
  
   for (;;) {
     if (dirp->dd_loc == 0) {
-- 
cgit v1.2.3