core/manager: fix (theoretical) fd leak on invalid messages

We'd leak fds on early return. We are sending a message to ourself,
so it's unlikely to fail. But let's keep the logic correct.

Reported by qarmin (Rafał Mikrut).

diff --git a/src/core/manager.c b/src/core/manager.c
index accf9c8ff94f142d197279a29dfd1087aa15be0e..165914b2a53d03440a387997bd5caf09d49c6036 100644 (file)
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -5119,6 +5119,7 @@ static int manager_dispatch_pidref_transport_fd(sd_event_source *source, int fd,
 
         if (n != sizeof(child_pid)) {
                 log_warning("Got pidref message of unexpected size %zi (expected %zu), ignoring.", n, sizeof(child_pid));
+                cmsg_close_all(&msghdr);
                 return 0;
         }
 
@@ -5138,6 +5139,8 @@ static int manager_dispatch_pidref_transport_fd(sd_event_source *source, int fd,
                 }
         }
 
+        /* From this point on, the fds are owned by our local variables. Call cmsg_close_all no more. */
+
         /* Verify and set parent pidref. */
         if (!ucred || !pid_is_valid(ucred->pid)) {
                 log_warning("Received pidref message without valid credentials. Ignoring.");