]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
apparmor: release exe file resources on path failure
authorZygmunt Krynicki <me@zygoon.pl>
Mon, 4 May 2026 11:13:24 +0000 (13:13 +0200)
committerJohn Johansen <john.johansen@canonical.com>
Sun, 14 Jun 2026 03:14:08 +0000 (20:14 -0700)
get_current_exe_path() takes both an exe_file reference and a path
reference before resolving the path name. If aa_path_name() failed, it
returned immediately and leaked both references.

Route the failure through the common cleanup path so fput() and path_put()
always run after the references are acquired.

Fixes: 8d34e16f7f2b ("apparmor: userns: Add support for execpath in userns")
Reviewed-by: Ryan Lee <ryan.lee@canonical.com>
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/task.c

index 0db0e81b460017de8e623df75366181a45fc1ed0..6445cb5f85266873ca54c7fc0ca5e64394fdaf2a 100644 (file)
@@ -313,9 +313,12 @@ static const char *get_current_exe_path(char *buffer, int buffer_size)
        p = exe_file->f_path;
        path_get(&p);
 
-       if (aa_path_name(&p, FLAG_VIEW_SUBNS, buffer, &path_str, NULL, NULL))
-               return ERR_PTR(-ENOMEM);
+       if (aa_path_name(&p, FLAG_VIEW_SUBNS, buffer, &path_str, NULL, NULL)) {
+               path_str = ERR_PTR(-ENOMEM);
+               goto out;
+       }
 
+out:
        fput(exe_file);
        path_put(&p);