Clean up TNCC error handling

As suggested by Daniel Lenski, create the oc_text_buf for the request
only once the TNCC wrapper has been spawned, to make the error handling
a bit saner. And remember to close the socketpair if fork() fails, too.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

diff --git a/auth-juniper.c b/auth-juniper.c
index 75dd78d33c9e4e79920c763b4c5f39c6c8b58179..a48df88adcda9dd76c5de708c6716675acc0b0da 100644 (file)
--- a/auth-juniper.c
+++ b/auth-juniper.c
@@ -360,30 +360,20 @@ static int tncc_preauth(struct openconnect_info *vpninfo)
                return -EINVAL;
        }
 
-       buf = buf_alloc();
-       buf_append(buf, "start\n");
-       buf_append(buf, "IC=%s\n", vpninfo->hostname);
-       buf_append(buf, "Cookie=%s\n", dspreauth);
-       buf_append(buf, "DSSIGNIN=%s\n", dssignin);
-       if (buf_error(buf)) {
-               vpn_progress(vpninfo, PRG_ERR,
-                            _("Failed to allocate memory for communication with TNCC\n"));
-               return buf_free(buf);
-       }
 #ifdef SOCK_CLOEXEC
        if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, sockfd))
 #endif
        {
-               if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockfd)) {
-                       buf_free(buf);
+               if (socketpair(AF_UNIX, SOCK_STREAM, 0, sockfd))
                        return -errno;
-               }
+
                set_fd_cloexec(sockfd[0]);
                set_fd_cloexec(sockfd[1]);
        }
        pid = fork();
        if (pid == -1) {
-               buf_free(buf);
+               close(sockfd[0]);
+               close(sockfd[1]);
                return -errno;
        }
 
@@ -411,6 +401,18 @@ static int tncc_preauth(struct openconnect_info *vpninfo)
        waitpid(pid, NULL, 0);
        close(sockfd[0]);
 
+       buf = buf_alloc();
+       buf_append(buf, "start\n");
+       buf_append(buf, "IC=%s\n", vpninfo->hostname);
+       buf_append(buf, "Cookie=%s\n", dspreauth);
+       buf_append(buf, "DSSIGNIN=%s\n", dssignin);
+       if (buf_error(buf)) {
+               vpn_progress(vpninfo, PRG_ERR,
+                            _("Failed to allocate memory for communication with TNCC\n"));
+               close(sockfd[1]);
+               return buf_free(buf);
+       }
+
        if (cancellable_send(vpninfo, sockfd[1], buf->data, buf->pos) != buf->pos) {
                vpn_progress(vpninfo, PRG_ERR,
                             _("Failed to send start command to TNCC\n"));