From: Zbigniew Jędrzejewski-Szmek <zbyszek@amutable.com>
Date: Mon, 18 May 2026 10:30:36 +0000 (+0200)
Subject: core/manager: fix (theoretical) fd leak on invalid messages
X-Git-Tag: v261-rc1~116^2~4
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=fd12cc9a52ea950afaf5cb0da85d4bb195a60683;p=thirdparty%2Fsystemd.git

core/manager: fix (theoretical) fd leak on invalid messages

We'd leak fds on early return. We are sending a message to ourself,
so it's unlikely to fail. But let's keep the logic correct.

Reported by qarmin (Rafał Mikrut).
---

diff --git a/src/core/manager.c b/src/core/manager.c
index accf9c8ff94..165914b2a53 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -5119,6 +5119,7 @@ static int manager_dispatch_pidref_transport_fd(sd_event_source *source, int fd,
 
         if (n != sizeof(child_pid)) {
                 log_warning("Got pidref message of unexpected size %zi (expected %zu), ignoring.", n, sizeof(child_pid));
+                cmsg_close_all(&msghdr);
                 return 0;
         }
 
@@ -5138,6 +5139,8 @@ static int manager_dispatch_pidref_transport_fd(sd_event_source *source, int fd,
                 }
         }
 
+        /* From this point on, the fds are owned by our local variables. Call cmsg_close_all no more. */
+
         /* Verify and set parent pidref. */
         if (!ucred || !pid_is_valid(ucred->pid)) {
                 log_warning("Received pidref message without valid credentials. Ignoring.");