If reading /dev/urandom failed, the corresponding file descriptor was
leaked through the error path.

Coverity CID #56012

Signed-off-by: Tyler Hicks <tyhi...@canonical.com>
---

Nominated for trunk, 2.10, and 2.9.

 changehat/pam_apparmor/pam_apparmor.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/changehat/pam_apparmor/pam_apparmor.c 
b/changehat/pam_apparmor/pam_apparmor.c
index 21c323f..85b6f7b 100644
--- a/changehat/pam_apparmor/pam_apparmor.c
+++ b/changehat/pam_apparmor/pam_apparmor.c
@@ -111,6 +111,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
                                          sizeof(magic_token));
                if (retval < 0) {
                        pam_syslog(pamh, LOG_ERR, "Can't read from 
/dev/urandom\n");
+                       close(fd);
                        return PAM_PERM_DENIED;
                }
        } while ((magic_token == 0) || (retval != sizeof(magic_token)));
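Review bot: the `if (retval < 0)` branch still treats every read failure as fatal and logs it without the cause, so a read interrupted by a signal (EINTR) ends the session with PAM_PERM_DENIED and the log gives no way to tell that apart from a real I/O error. Consider retrying when errno is EINTR and including strerror(errno) in the "Can't read from /dev/urandom" message. If errno is reported, read it before the new `close(fd);`, since close() can overwrite it. The close itself is placed correctly, before the only return visible in this error path.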
-- 
2.5.0

