From ba9055c96b5088772efb710481378dbc8f90abeb Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Fri, 19 Feb 2021 14:40:33 +0100
Subject: [PATCH] lsm: twek apparmor_process_label_get()

Fixes: Coverity 1473189
Fixes: Coverity 1473190
Fixes: 47f4914d88df ("apparmor: prefer /proc/.../attr/apparmor/current over legacy interface")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/lsm/apparmor.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index b4c0569a9..742a829ef 100644
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -430,15 +430,21 @@ error:
 
 static char *apparmor_process_label_get(struct lsm_ops *ops, pid_t pid)
 {
-	int label_fd;
+	__do_close int fd_label = -EBADF;
 	__do_free char *label = NULL;
+	int ret;
 	size_t len;
 
-	label_fd = __apparmor_process_label_open(ops, pid, O_RDONLY, false);
-	if (label_fd < 0)
+	fd_label = __apparmor_process_label_open(ops, pid, O_RDONLY, false);
+	if (fd_label < 0)
+		return NULL;
+
+	ret = fd_to_buf(fd_label, &label, &len);
+	if (ret < 0)
 		return NULL;
 
-	fd_to_buf(label_fd, &label, &len);
+	if (len == 0)
+		return NULL;
 
 	len = strcspn(label, "\n \t");
 	if (len)
-- 
2.47.2