From: Zygmunt Krynicki Date: Mon, 4 May 2026 11:13:24 +0000 (+0200) Subject: apparmor: release exe file resources on path failure X-Git-Tag: v7.2-rc1~43^2~13 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7306c41672487a6c28430714be063bc6942c28f2;p=thirdparty%2Flinux.git apparmor: release exe file resources on path failure get_current_exe_path() takes both an exe_file reference and a path reference before resolving the path name. If aa_path_name() failed, it returned immediately and leaked both references. Route the failure through the common cleanup path so fput() and path_put() always run after the references are acquired. Fixes: 8d34e16f7f2b ("apparmor: userns: Add support for execpath in userns") Reviewed-by: Ryan Lee Signed-off-by: Zygmunt Krynicki Signed-off-by: John Johansen --- diff --git a/security/apparmor/task.c b/security/apparmor/task.c index 0db0e81b46001..6445cb5f85266 100644 --- a/security/apparmor/task.c +++ b/security/apparmor/task.c @@ -313,9 +313,12 @@ static const char *get_current_exe_path(char *buffer, int buffer_size) p = exe_file->f_path; path_get(&p); - if (aa_path_name(&p, FLAG_VIEW_SUBNS, buffer, &path_str, NULL, NULL)) - return ERR_PTR(-ENOMEM); + if (aa_path_name(&p, FLAG_VIEW_SUBNS, buffer, &path_str, NULL, NULL)) { + path_str = ERR_PTR(-ENOMEM); + goto out; + } +out: fput(exe_file); path_put(&p);