In passwordFromFile, don't leak the open file after stat failures.

tglsfdc · tglsfdc · commit e9339782a631 · 2024-09-29T13:40:03.000-04:00
Oversight in e882bca. Per Coverity.
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
@@ -7482,13 +7482,17 @@ passwordFromFile(const char *hostname, const char *port, const char *dbname,
 
 #ifndef WIN32
 	if (fstat(fileno(fp), &stat_buf) != 0)
+	{
+		fclose(fp);
 		return NULL;
+	}
 
 	if (!S_ISREG(stat_buf.st_mode))
 	{
 		fprintf(stderr,
 				libpq_gettext("WARNING: password file \"%s\" is not a plain file\n"),
 				pgpassfile);
+		fclose(fp);
 		return NULL;
 	}
 
@@ -7498,6 +7502,7 @@ passwordFromFile(const char *hostname, const char *port, const char *dbname,
 		fprintf(stderr,
 				libpq_gettext("WARNING: password file \"%s\" has group or world access; permissions should be u=rw (0600) or less\n"),
 				pgpassfile);
+		fclose(fp);
 		return NULL;
 	}
 #else
