[apparmor] [PATCH] libapparmor: Fix fd leak when write to aafs/.access fails
Tyler Hicks
tyhicks at canonical.com
Mon Aug 26 21:59:08 UTC 2013
In aa_query_label(), errors encountered during a write() to the AppArmor
filesystem's .access file result in an unintentional file descriptor
leak outside of aa_query_label(). Callers don't expect aa_query_label()
to return with a newly opened file descriptor, so they can't be expected
to close the fd.
This flaw was introduced in r2147, which has not yet been included in an
official release.
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
=== modified file 'libraries/libapparmor/src/kernel_interface.c'
--- libraries/libapparmor/src/kernel_interface.c 2013-08-10 01:55:16 +0000
+++ libraries/libapparmor/src/kernel_interface.c 2013-08-26 21:50:31 +0000
@@ -726,6 +726,7 @@
* errno set to ENOENT. It indicates that the subject label
* could not be found by the kernel.
*/
+ (void)close(fd);
return -1;
}
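Review bot: the added `(void)close(fd);` before `return -1;` can clobber the errno value that the comment directly above this hunk documents for callers (ENOENT meaning the kernel could not find the subject label), because close() sets errno when it fails. Save and restore errno around the close, e.g. `int saved = errno; (void)close(fd); errno = saved; return -1;`, so the caller still sees the write() failure rather than a close() failure. It is also worth confirming that every other early return between the open() and the normal close in aa_query_label() closes fd the same way; only this one error path is visible in the hunk.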
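The failure mode described in the commit message, as an added example that is not part of the patch or of libapparmor: a hypothetical query routine opens a file, writes a request and must not leak the descriptor when the write fails. All names here (leaky_query, fixed_query, leaked_fds, fixed_query_failure_errno) are invented, and /dev/null opened read-only stands in for the .access file, since a write() to a read-only descriptor fails with EBADF without needing apparmorfs. The leak check relies on POSIX allocating the lowest free descriptor: if a call leaks one fd, the next open() returns a number one higher than before the call.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical stand-in for a query routine with the bug the patch fixes:
 * the descriptor opened here is never closed when write() fails. */
static int leaky_query(const char *path, const char *req, size_t len)
{
	int fd = open(path, O_RDONLY);	/* read-only so write() fails */
	if (fd < 0)
		return -1;
	if (write(fd, req, len) != (ssize_t)len)
		return -1;		/* BUG: fd leaks to the caller */
	(void)close(fd);
	return 0;
}

/* Same routine with the error path fixed: close the fd, and preserve the
 * errno from the failed write() so close() cannot overwrite it. */
static int fixed_query(const char *path, const char *req, size_t len)
{
	int fd = open(path, O_RDONLY);
	if (fd < 0)
		return -1;
	if (write(fd, req, len) != (ssize_t)len) {
		int saved_errno = errno;
		(void)close(fd);
		errno = saved_errno;
		return -1;
	}
	(void)close(fd);
	return 0;
}

/* Leak detector: returns how many descriptors one failing call of query()
 * leaves open (0 expected), or -1 if the probe open() itself fails.
 * POSIX guarantees open() returns the lowest free descriptor, so a leaked
 * fd pushes the next probe one number higher. */
static int leaked_fds(int (*query)(const char *, const char *, size_t))
{
	int before = open("/dev/null", O_RDONLY);
	if (before < 0)
		return -1;
	(void)close(before);

	(void)query("/dev/null", "ping", 4);	/* expected to fail */

	int after = open("/dev/null", O_RDONLY);
	if (after < 0)
		return -1;
	(void)close(after);
	return after - before;
}

/* errno as a caller of the fixed routine observes it after write() fails;
 * returns 0 if the call unexpectedly succeeded. */
static int fixed_query_failure_errno(void)
{
	errno = 0;
	if (fixed_query("/dev/null", "ping", 4) != -1)
		return 0;
	return errno;
}

int main(void)
{
	printf("leaky: %d fd(s) leaked per failed call\n",
	       leaked_fds(leaky_query));
	printf("fixed: %d fd(s) leaked per failed call\n",
	       leaked_fds(fixed_query));
	printf("fixed: errno after failure = %d (EBADF is %d)\n",
	       fixed_query_failure_errno(), EBADF);
	return 0;
}
```

The same lowest-free-descriptor probe is a cheap regression check for any library routine that opens a kernel interface file internally: call it on an input that is known to fail and compare the descriptor numbers returned by open() before and after.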