From 65a32ba8b3d00bb0cc8729e27a700cad911616c1 Mon Sep 17 00:00:00 2001
From: Nick Porter <nick@portercomputing.co.uk>
Date: Sat, 21 Jun 2025 18:13:45 +0100
Subject: [PATCH] Ensure fd is closed on all error paths

---
 src/lib/unlang/xlat_builtin.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/lib/unlang/xlat_builtin.c b/src/lib/unlang/xlat_builtin.c
index 9d200bd3b4..9438c3a73f 100644
--- a/src/lib/unlang/xlat_builtin.c
+++ b/src/lib/unlang/xlat_builtin.c
@@ -740,12 +740,14 @@ static xlat_action_t xlat_func_file_cat(TALLOC_CTX *ctx, fr_dcursor_t *out,
 
 	if (fstat(fd, &buf) < 0) {
 		RPERROR("Failed checking file %s - %s", filename, fr_syserror(errno));
+	fail:
+		close(fd);
 		return XLAT_ACTION_FAIL;
 	}
 
 	if ((size_t)buf.st_size > max_size->vb_size) {
 		RPERROR("File larger than specified maximum (%"PRIu64" vs %zu)", buf.st_size, max_size->vb_size);
-		return XLAT_ACTION_FAIL;
+		goto fail;
 	}
 
 	MEM(dst = fr_value_box_alloc(ctx, FR_TYPE_OCTETS, false));
@@ -755,8 +757,7 @@ static xlat_action_t xlat_func_file_cat(TALLOC_CTX *ctx, fr_dcursor_t *out,
 	if (len < 0) {
 		RPERROR("Failed reading file %s - %s", filename, fr_syserror(errno));
 		talloc_free(dst);
-		close(fd);
-		return XLAT_ACTION_FAIL;
+		goto fail;
 	}
 	close(fd);
 
-- 
2.47.3