-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5WtXAACgkQrlYvE4MpobPXvACg3o5ObnbAAUUnuaxmFGqTyUn/ kkAAnAyqmvcyvt1YpZ4SWj92rLWJPZSK =Q4X8 -----END PGP SIGNATURE-----
>From 01b7280a9eb3ebf3aafb903966d84c882425456c Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Tue, 9 Aug 2011 09:40:17 -0400
Subject: [PATCH 69/77] policycoreutils: sandbox: Closedir on failures, to prevent leaks seunshare
---
 policycoreutils/sandbox/seunshare.c | 2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
index ee9944b..1a0a488 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
@@ -777,6 +777,7 @@ killall (security_context_t execcon)
 max_pids = 256;
 pid_table = malloc(max_pids * sizeof (pid_t));
 if (!pid_table) {
+ (void)closedir(dir);
 return -1;
 }
 pids = 0;
@@ -790,6 +791,7 @@ killall (security_context_t execcon)
 if (pids == max_pids) {
 if (!(pid_table = realloc(pid_table, 2*pids*sizeof(pid_t)))) {
+ (void)closedir(dir);
 return -1;
 }
 max_pids *= 2;
--
1.7.6
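Review bot: The cleanup in killall is now written out by hand at each early return, here after the failed `malloc` and again in the realloc branch of the second hunk, so the next error path added to the function can miss `closedir(dir)` just as these two did. A single exit label would keep the release in one place: the failure branches become `rc = -1; goto out;` and the label does `free(pid_table); (void)closedir(dir); return rc;`. That relies on `pid_table` being NULL until the allocation succeeds. The start and end of killall are outside the hunk, so the initialisation and any later exits need checking against the full function.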
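Review bot: The realloc failure branch in the second hunk still leaks the pid table. Because the result of `realloc` is assigned straight back to `pid_table`, a NULL return overwrites the only pointer to the existing block, so the added `closedir(dir)` releases the directory handle but not the memory. Hold the result in a temporary instead: `pid_t *tmp = realloc(pid_table, 2*pids*sizeof(pid_t));`, then `if (!tmp) { free(pid_table); (void)closedir(dir); return -1; }`, then `pid_table = tmp;`. The enclosing loop and the rest of killall lie outside the hunk, so whether any later exit frees `pid_table` cannot be confirmed from here.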