Add missing fclose() and open with O_CLOEXEC.
Bug: 183061763
Test: N/A
Change-Id: Ic353d38d44010207198b56196e98da418330baa4
diff --git a/ondevice-signing/CertUtils.cpp b/ondevice-signing/CertUtils.cpp
index cbd1942..b0b75a6 100644
--- a/ondevice-signing/CertUtils.cpp
+++ b/ondevice-signing/CertUtils.cpp
@@ -147,8 +147,10 @@
x509->signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
x509->signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
- auto f = fopen(path.c_str(), "wb");
- // TODO error checking
+ auto f = fopen(path.c_str(), "wbe");
+ if (f == nullptr) {
+ return Error() << "Failed to open " << path;
+ }
i2d_X509_fp(f, x509.get());
fclose(f);
@@ -199,8 +201,12 @@
Result<std::vector<uint8_t>> extractPublicKeyFromX509(const std::string& path) {
X509* cert;
- auto f = fopen(path.c_str(), "r");
+ auto f = fopen(path.c_str(), "re");
+ if (f == nullptr) {
+ return Error() << "Failed to open " << path;
+ }
if (!d2i_X509_fp(f, &cert)) {
+ fclose(f);
return Error() << "Unable to decode x509 cert at " << path;
}