bzip2recover: Fix use after free issue with outFile. bzip2recover.c (main): Make sure to set outFile to NULL when done. This was reported as CVE-2016-3189 and found in multiple distributions. https://seclists.org/oss-sec/2016/q2/568 Some more analysis can be found in: https://bugzilla.redhat.com/show_bug.cgi?id=1319648

commit: c1cdd98db3238cb711c7d9cdc5671452ce2822cb [log] [tgz]
author: Mark Wielaard <mark@klomp.org> Mon Jun 24 00:45:32 2019 +0200
committer: Mark Wielaard <mark@klomp.org> Mon Jun 24 00:58:47 2019 +0200
tree: ab84c05bb15b96f655c1914a9907a38c4d76f0fe
parent: 833548edc0eb4af85ce8da193835f0f31a6c300f [diff]
diff --git a/bzip2recover.c b/bzip2recover.c
index 1a70e04..a955d60 100644
--- a/bzip2recover.c
+++ b/bzip2recover.c

@@ -458,6 +458,7 @@
             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
             bsPutUInt32 ( bsWr, blockCRC );
             bsClose ( bsWr );
+            outFile = NULL;
          }
          if (wrBlock >= rbCtr) break;
          wrBlock++;
commit	c1cdd98db3238cb711c7d9cdc5671452ce2822cb	[log] [tgz]
author	Mark Wielaard <mark@klomp.org>	Mon Jun 24 00:45:32 2019 +0200
committer	Mark Wielaard <mark@klomp.org>	Mon Jun 24 00:58:47 2019 +0200
tree	ab84c05bb15b96f655c1914a9907a38c4d76f0fe
parent	833548edc0eb4af85ce8da193835f0f31a6c300f [diff]