-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch looks good to me. acked.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlD+pLEACgkQrlYvE4MpobMDkwCggqdjNp0RXwZas3OvbO4KNXzx
wrsAniIGWv+xvvVrJVSfBDG0miRHKWFA
=R3E7
-----END PGP SIGNATURE-----
>From 65434f33fc88875fff8be5453e1d7251f185d69b Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@xxxxxxxxxx>
Date: Thu, 1 Nov 2012 15:42:27 -0400
Subject: [PATCH 20/84] libselinux: do not leak mmapfd
On failure, common if .bin is older than the text version, we will leak
the mmapfd. Don't do that.
Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
libselinux/src/label_file.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 6f15354..8ccc59f 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -254,21 +254,27 @@ static int load_mmap(struct selabel_handle *rec, const char *path, struct stat *
if (rc >= sizeof(mmap_path))
return -1;
- mmapfd = open(mmap_path, O_RDONLY);
+ mmapfd = open(mmap_path, O_RDONLY | O_CLOEXEC);
if (mmapfd < 0)
return -1;
rc = fstat(mmapfd, &mmap_stat);
- if (rc < 0)
+ if (rc < 0) {
+ close(mmapfd);
return -1;
+ }
/* if mmap is old, ignore it */
- if (mmap_stat.st_mtime < stat->st_mtime)
+ if (mmap_stat.st_mtime < stat->st_mtime) {
+ close(mmapfd);
return -1;
+ }
if (mmap_stat.st_mtime == stat->st_mtime &&
- mmap_stat.st_mtim.tv_nsec < stat->st_mtim.tv_nsec)
+ mmap_stat.st_mtim.tv_nsec < stat->st_mtim.tv_nsec) {
+ close(mmapfd);
return -1;
+ }
/* ok, read it in... */
len = mmap_stat.st_size;
--
1.8.1
