From 3e128df1ef4ce6f633aa61a7141a9998cd7d13bc Mon Sep 17 00:00:00 2001
From: Shachar Sharon <ssharon@redhat.com>
Date: Tue, 19 Aug 2025 11:34:13 +0300
Subject: [PATCH] samr: Fix CID 1035506: close slave fd (REASOURCE_LEAK)

In the case of (unlikely) failure of dup2 on one of the standard file
descriptors, close 'slave' fd upon return.

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Sep 11 13:29:37 UTC 2025 on atb-devel-224
---
 source3/rpc_server/samr/srv_samr_chgpasswd.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/source3/rpc_server/samr/srv_samr_chgpasswd.c b/source3/rpc_server/samr/srv_samr_chgpasswd.c
index 6c0c0da0cfc..000f6c2b87d 100644
--- a/source3/rpc_server/samr/srv_samr_chgpasswd.c
+++ b/source3/rpc_server/samr/srv_samr_chgpasswd.c
@@ -201,18 +201,24 @@ static int dochild(int master, const char *slavedev, const struct passwd *pass,
 
 	/* Make slave stdin/out/err of child. */
 
-	if (dup2(slave, STDIN_FILENO) != STDIN_FILENO)
+	if ((slave != STDIN_FILENO) &&
+	    (dup2(slave, STDIN_FILENO) != STDIN_FILENO))
 	{
+		close(slave);
 		DEBUG(3, ("Could not re-direct stdin\n"));
 		return (False);
 	}
-	if (dup2(slave, STDOUT_FILENO) != STDOUT_FILENO)
+	if ((slave != STDOUT_FILENO) &&
+	    (dup2(slave, STDOUT_FILENO) != STDOUT_FILENO))
 	{
+		close(slave);
 		DEBUG(3, ("Could not re-direct stdout\n"));
 		return (False);
 	}
-	if (dup2(slave, STDERR_FILENO) != STDERR_FILENO)
+	if ((slave != STDERR_FILENO) &&
+	    (dup2(slave, STDERR_FILENO) != STDERR_FILENO))
 	{
+		close(slave);
 		DEBUG(3, ("Could not re-direct stderr\n"));
 		return (False);
 	}
-- 
2.47.3