If reading /dev/urandom failed, the corresponding file descriptor was leaked through the error path.
Coverity CID #56012 Signed-off-by: Tyler Hicks <tyhi...@canonical.com> --- Nominated for trunk, 2.10, and 2.9. changehat/pam_apparmor/pam_apparmor.c | 1 + 1 file changed, 1 insertion(+) diff --git a/changehat/pam_apparmor/pam_apparmor.c b/changehat/pam_apparmor/pam_apparmor.c index 21c323f..85b6f7b 100644 --- a/changehat/pam_apparmor/pam_apparmor.c +++ b/changehat/pam_apparmor/pam_apparmor.c @@ -111,6 +111,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, sizeof(magic_token)); if (retval < 0) { pam_syslog(pamh, LOG_ERR, "Can't read from /dev/urandom\n"); + close(fd); return PAM_PERM_DENIED; } } while ((magic_token == 0) || (retval != sizeof(magic_token))); -- 2.5.0
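Review bot: The `if (retval < 0)` branch in pam_sm_open_session treats every negative read() return as fatal, so a read interrupted by a signal (EINTR) now closes fd and denies the session with PAM_PERM_DENIED; consider retrying on EINTR before taking this path. The added `close(fd);` is correctly placed after pam_syslog and before the return, but it covers only this one exit: any other early return between the open of /dev/urandom and the normal close lies outside the visible lines and should be checked for the same leak, or all of them routed through a single cleanup label. The loop condition `(retval != sizeof(magic_token))` also retries on a 0 return with no bound while holding fd, which is worth a comment or an explicit check. Finally, the log message omits the failure reason; adding `%m` to the pam_syslog format would record errno for whoever has to diagnose the denial.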