From feb188d27787c595f12507ce5bff5431c4932523 Mon Sep 17 00:00:00 2001
From: Richard Jones <rjones@redhat.com>
Date: Mon, 20 Apr 2009 14:58:36 +0100
Subject: [PATCH] Some fixes to daemon upload command:  - don't leak the file
 descriptor along error paths  - can't use those macros in FileIn functions

---
 daemon/upload.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/daemon/upload.c b/daemon/upload.c
index b457695..41b1bf2 100644
--- a/daemon/upload.c
+++ b/daemon/upload.c
@@ -40,9 +40,14 @@ do_upload (const char *filename)
 {
   int err, fd, r, is_dev;
 
-  NEED_ROOT_OR_IS_DEVICE (filename, -1);
-
   is_dev = strncmp (filename, "/dev/", 5) == 0;
+  if (!is_dev) {
+    if (!root_mounted || filename[0] != '/') {
+      cancel_receive ();
+      reply_with_error ("upload: root must be mounted and path must be absolute");
+      return -1;
+    }
+  }
 
   if (!is_dev) CHROOT_IN;
   fd = open (filename, O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY, 0666);
@@ -61,6 +66,7 @@ do_upload (const char *filename)
     cancel_receive ();
     errno = err;
     reply_with_perror ("write: %s", filename);
+    close (fd);
     return -1;
   }
   if (r == -2) {		/* cancellation from library */
@@ -106,13 +112,16 @@ do_download (const char *filename)
   reply (NULL, NULL);
 
   while ((r = read (fd, buf, sizeof buf)) > 0) {
-    if (send_file_write (buf, r) < 0)
+    if (send_file_write (buf, r) < 0) {
+      close (fd);
       return -1;
+    }
   }
 
   if (r == -1) {
     perror (filename);
     send_file_end (1);		/* Cancel. */
+    close (fd);
     return -1;
   }
 
-- 
1.8.3.1