| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Jun 2024 15:20:24 +0800
From: Ma Ke <make24@...as.ac.cn>
To: shuah@...nel.org,
usama.anjum@...labora.com,
amer.shanawany@...il.com,
make24@...as.ac.cn,
swarupkotikalapudi@...il.com,
kees@...nel.org,
luto@...nel.org,
akpm@...ux-foundation.org
Cc: linux-kselftest@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] selftests/capabilities: Fix possible file leak in copy_fromat_to
The open() function returns -1 on error. openat() and open() initialize
'from' and 'to', and only 'from' validated with 'if' statement. If the
initialization of variable 'to' fails, we should better check the value
of 'to' and close 'from' to avoid possible file leak.
Fixes: 32ae976ed3b5 ("selftests/capabilities: Add tests for capability evolution")
Signed-off-by: Ma Ke <make24@...as.ac.cn>
---
Found this error through static analysis.
---
tools/testing/selftests/capabilities/test_execve.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tools/testing/selftests/capabilities/test_execve.c b/tools/testing/selftests/capabilities/test_execve.c
index 47bad7ddc5bc..de187eff177d 100644
--- a/tools/testing/selftests/capabilities/test_execve.c
+++ b/tools/testing/selftests/capabilities/test_execve.c
@@ -149,6 +149,10 @@ static void copy_fromat_to(int fromfd, const char *fromname, const char *toname)
ksft_exit_fail_msg("open copy source - %s\n", strerror(errno));
int to = open(toname, O_CREAT | O_WRONLY | O_EXCL, 0700);
+ if (to == -1) {
+ close(from);
+ ksft_exit_fail_msg("open copy destination - %s\n", strerror(errno));
+ }
while (true) {
char buf[4096];
--
2.25.1
Powered by blists - more mailing lists