From 1658bad1300c4ee2455e0f6bd3188654cb4dc6a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateo=20Cindri=C4=87?=
Date: Sat, 6 Aug 2022 19:47:37 +0200
Subject: [PATCH] system-plugin: check for opened files when storing key data
---
 src/system/api/authentication/store.c | 62 +++++++++++++++------------
 1 file changed, 34 insertions(+), 28 deletions(-)
diff --git a/src/system/api/authentication/store.c b/src/system/api/authentication/store.c
index 8a5c2ab..18f0a2b 100644
--- a/src/system/api/authentication/store.c
+++ b/src/system/api/authentication/store.c
@@ -263,52 +263,53 @@ int system_authentication_store_user_authorized_key(system_ctx_t *ctx, const cha char ssh_path_buffer[PATH_MAX] = {0}; char key_path_buffer[PATH_MAX] = {0}; DIR *ssh_dir = NULL; + FILE *key_file = NULL; + bool key_file_opened = false; error = snprintf(ssh_path_buffer, sizeof(ssh_path_buffer), "/home/%s/.ssh", user); if (error < 0) { SRPLG_LOG_ERR(PLUGIN_NAME, "snprintf() failed"); goto error_out; } + ssh_dir = opendir(ssh_path_buffer); - if (ssh_dir) { - LL_FOREACH(head, iter) - { - char ssh_data_buffer[PATH_MAX] = {0}; - if (snprintf(key_path_buffer, sizeof(key_path_buffer), "%s/%s", ssh_path_buffer, iter->key.name) < 0) { - goto error_out; - } - if (snprintf(ssh_data_buffer, sizeof(ssh_data_buffer), "%s %s", iter->key.algorithm, iter->key.data) < 0) { - goto error_out; - } - FILE *destFile = fopen(key_path_buffer, "w"); - fwrite(ssh_data_buffer, sizeof(char), sizeof(ssh_data_buffer), destFile); - fclose(destFile); - } - } else if (errno == ENOENT) { + if (errno == ENOENT) { // create directory error = mkdir(ssh_path_buffer, 0700); if (error) { SRPLG_LOG_ERR(PLUGIN_NAME, "mkdir() error (%d)", error); goto error_out; } - LL_FOREACH(head, iter) - { - char ssh_data_buffer[PATH_MAX] = {0}; - if (snprintf(key_path_buffer, sizeof(key_path_buffer), "%s/%s", ssh_path_buffer, iter->key.name) < 0) { - goto error_out; - } - if (snprintf(ssh_data_buffer, sizeof(ssh_data_buffer), "%s %s", iter->key.algorithm, iter->key.data) < 0) { - goto error_out; - } - FILE *destFile = fopen(key_path_buffer, "w"); - fwrite(ssh_data_buffer, sizeof(char), sizeof(ssh_data_buffer), destFile); - fclose(destFile); - } } else { SRPLG_LOG_ERR(PLUGIN_NAME, "opendir() failed"); goto error_out; } + // create key files + LL_FOREACH(head, iter) + { + if ((error = snprintf(key_path_buffer, sizeof(key_path_buffer), "%s/%s", ssh_path_buffer, iter->key.name)) < 0) { + SRPLG_LOG_ERR(PLUGIN_NAME, "snprintf() error (%d)", error); + goto error_out; + } + + key_file = fopen(key_path_buffer, 
"w"); + if (!key_file) { + SRPLG_LOG_ERR(PLUGIN_NAME, "fopen() failed"); + goto error_out; + } + key_file_opened = true; + + error = fprintf(key_file, "%s %s", iter->key.algorithm, iter->key.data); + if (error < 0) { + SRPLG_LOG_ERR(PLUGIN_NAME, "fprintf() error (%d)", error); + goto error_out; + } + + fclose(key_file); + key_file_opened = false; + } + goto out; error_out: @@ -318,6 +319,11 @@ int system_authentication_store_user_authorized_key(system_ctx_t *ctx, const cha if (ssh_dir) { closedir(ssh_dir); } + + if (key_file_opened) { + fclose(key_file); + } + return error; }
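Review bot: The new `if (errno == ENOENT)` after `opendir()` no longer tests `ssh_dir`, so when the `.ssh` directory already exists and `opendir()` succeeds, `errno` is stale and the code either takes the `else` branch (logs "opendir() failed" and skips writing the keys) or calls `mkdir()` on an existing directory. Test the handle first, e.g. `if (!ssh_dir && errno == ENOENT) {` and `} else if (!ssh_dir) {`. In the new loop `iter->key.name` is joined into the path as-is and `fopen(key_path_buffer, "w")` follows symlinks, so if the plugin runs with more privilege than the target user (not visible here), reject a name containing `/` and open the file with `open()` using `O_NOFOLLOW` and an explicit mode before `fdopen()`. The `snprintf()` checks also only catch `< 0`, so a truncated path passes; compare the result against `sizeof(key_path_buffer)` as well. The function starts before this hunk and ends in the next one.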
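Review bot: `return error;` can now hand back a positive value on success, because the loop added in the first hunk leaves `error` holding the byte count from `fprintf()` when it reaches `goto out;`. The lines between `error_out:` and this hunk are not visible, so confirm nothing resets it there, and otherwise add `error = 0;` before `goto out;`. The `key_file_opened` flag duplicates what the pointer already says: setting `key_file = NULL;` after the loop's `fclose()` and testing `if (key_file)` here would match the `if (ssh_dir)` check just above. The `fclose()` result is ignored in both places, so a failed flush of key data goes unreported; on the success path, check it and log like the other calls. The function starts before this hunk.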