[apparmor] [PATCH] libapparmor: Fix fd leak when write to aafs/.access fails
Steve Beattie
steve at nxnw.org
Mon Aug 26 22:27:24 UTC 2013
On Mon, Aug 26, 2013 at 02:59:08PM -0700, Tyler Hicks wrote:
> In aa_query_label(), errors encountered during a write() to the AppArmor
> filesystem's .access file results in an unintentional file descriptor
> leak outside of aa_query_label(). Callers don't expect aa_query_label()
> to return with a newly opened file descriptor so they can't be expected
> to close the fd.
>
> This flaw was introduced in r2147, which has not yet been included in an
> official release.
>
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Steve Beattie <sbeattie at ubuntu.com>
Nice catch, thanks.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20130826/419a188d/attachment.pgp>
More information about the AppArmor
mailing list