mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

pam_apparmor: Don't leak /dev/urandom fd

Browse source 
If reading /dev/urandom failed, the corresponding file descriptor was
leaked through the error path.

Coverity CID #56012

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Steve Beattie <steve@nxnw.org>
This commit is contained in:
Tyler Hicks 2016-02-01 10:44:34 -06:00
parent fd38788524
commit e594a321c8
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changehat/pam_apparmor/pam_apparmor.c
View file

@ -111,6 +111,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags,
sizeof(magic_token)); sizeof(magic_token));
if (retval < 0) { if (retval < 0) {
pam_syslog(pamh, LOG_ERR, "Can't read from /dev/urandom\n"); pam_syslog(pamh, LOG_ERR, "Can't read from /dev/urandom\n");
close(fd);
return PAM_PERM_DENIED; return PAM_PERM_DENIED;
} }
} while ((magic_token == 0) || (retval != sizeof(magic_token))); } while ((magic_token == 0) || (retval != sizeof(magic_token)));