[1/1] restorecond: close the PID file if writing to it failed

Commit Message

Nicolas Iooss July 1, 2018, 2:59 p.m. UTC

write_pid_file() leaks a file descriptor to /var/run/restorecond.pid if
it fails to write the PID to it. Close the file before returning.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 restorecond/restorecond.c | 1 +
 1 file changed, 1 insertion(+)

Comments

William Roberts July 1, 2018, 8:52 p.m. UTC | #1

On Sun, Jul 1, 2018 at 7:59 AM, Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
> write_pid_file() leaks a file descriptor to /var/run/restorecond.pid if
> it fails to write the PID to it. Close the file before returning.
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
> ---
>  restorecond/restorecond.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/restorecond/restorecond.c b/restorecond/restorecond.c
> index 6fbbd35dc1b3..e1d26cb9190d 100644
> --- a/restorecond/restorecond.c
> +++ b/restorecond/restorecond.c
> @@ -105,6 +105,7 @@ static int write_pid_file(void)
>         }
>         if (write(pidfd, val, (unsigned int)len) != len) {
>                 syslog(LOG_ERR, "Unable to write to pidfile (%s)", strerror(errno));
> +               close(pidfd);
>                 return 1;
>         }
>         close(pidfd);
> --
> 2.17.1
>
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to Selinux-request@tycho.nsa.gov.

ack

Patch

diff --git a/restorecond/restorecond.c b/restorecond/restorecond.c
index 6fbbd35dc1b3..e1d26cb9190d 100644
--- a/restorecond/restorecond.c
+++ b/restorecond/restorecond.c
@@ -105,6 +105,7 @@  static int write_pid_file(void)
 	}
 	if (write(pidfd, val, (unsigned int)len) != len) {
 		syslog(LOG_ERR, "Unable to write to pidfile (%s)", strerror(errno));
+		close(pidfd);
 		return 1;
 	}
 	close(pidfd);