From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Fri, 19 Feb 2021 13:40:33 +0000 (+0100)
Subject: lsm: twek apparmor_process_label_get()
X-Git-Tag: lxc-5.0.0~276^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ba9055c96b5088772efb710481378dbc8f90abeb;p=thirdparty%2Flxc.git

lsm: twek apparmor_process_label_get()

Fixes: Coverity 1473189
Fixes: Coverity 1473190
Fixes: 47f4914d88df ("apparmor: prefer /proc/.../attr/apparmor/current over legacy interface")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index b4c0569a9..742a829ef 100644
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -430,15 +430,21 @@ error:
 
 static char *apparmor_process_label_get(struct lsm_ops *ops, pid_t pid)
 {
-	int label_fd;
+	__do_close int fd_label = -EBADF;
 	__do_free char *label = NULL;
+	int ret;
 	size_t len;
 
-	label_fd = __apparmor_process_label_open(ops, pid, O_RDONLY, false);
-	if (label_fd < 0)
+	fd_label = __apparmor_process_label_open(ops, pid, O_RDONLY, false);
+	if (fd_label < 0)
+		return NULL;
+
+	ret = fd_to_buf(fd_label, &label, &len);
+	if (ret < 0)
 		return NULL;
 
-	fd_to_buf(label_fd, &label, &len);
+	if (len == 0)
+		return NULL;
 
 	len = strcspn(label, "\n \t");
 	if (len)