lsm: twek apparmor_process_label_get()

Fixes: Coverity 1473189
Fixes: Coverity 1473190
Fixes: 47f4914d88df ("apparmor: prefer /proc/.../attr/apparmor/current over legacy interface")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index b4c0569a939051fdf645c4c26461d6316449e238..742a829ef6d8559974d8357a95571b01b725d3a8 100644 (file)
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -430,15 +430,21 @@ error:
 
 static char *apparmor_process_label_get(struct lsm_ops *ops, pid_t pid)
 {
-       int label_fd;
+       __do_close int fd_label = -EBADF;
        __do_free char *label = NULL;
+       int ret;
        size_t len;
 
-       label_fd = __apparmor_process_label_open(ops, pid, O_RDONLY, false);
-       if (label_fd < 0)
+       fd_label = __apparmor_process_label_open(ops, pid, O_RDONLY, false);
+       if (fd_label < 0)
+               return NULL;
+
+       ret = fd_to_buf(fd_label, &label, &len);
+       if (ret < 0)
                return NULL;
 
-       fd_to_buf(label_fd, &label, &len);
+       if (len == 0)
+               return NULL;
 
        len = strcspn(label, "\n \t");
        if (len)