Fix leaks for AppArmor based distros in case the profile creation fails
Closes GH-7646.
devnexen authored and nikic committed Nov 12, 2021
1 parent 5380b41 commit b1e6fde
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions sapi/fpm/fpm/fpm_unix.c
Expand Up @@ -425,16 +425,21 @@ int fpm_unix_init_child(struct fpm_worker_pool_s *wp) /* {{{ */
new_con = malloc(strlen(con) + strlen(wp->config->apparmor_hat) + 3); // // + 0 Byte
if (!new_con) {
zlog(ZLOG_SYSERROR, "[pool %s] failed to allocate memory for apparmor hat change.", wp->config->name);
free(con);
return -1;
}

if (0 > sprintf(new_con, "%s//%s", con, wp->config->apparmor_hat)) {
zlog(ZLOG_SYSERROR, "[pool %s] failed to construct apparmor confinement.", wp->config->name);
free(con);
free(new_con);
return -1;
}

if (0 > aa_change_profile(new_con)) {
zlog(ZLOG_SYSERROR, "[pool %s] failed to change to new confinement (%s). Please check if \"/proc/*/attr/current\" is read and writeable and \"change_profile -> %s//*\" is allowed.", wp->config->name, new_con, con);
free(con);
free(new_con);
return -1;
}
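Review bot: The cleanup is now written out by hand in each of the three failure branches (`free(con)` after the failed malloc, then `free(con); free(new_con);` after the sprintf and aa_change_profile failures), so any failure branch added later has to remember both frees again. A single exit label would keep this in one place: with `new_con` initialised to NULL at its declaration (not visible here), each branch becomes `goto apparmor_fail;` and the label does `free(new_con); free(con); return -1;`, relying on free(NULL) being a no-op. fpm_unix_init_child starts and ends outside this hunk, so whether both buffers are released after a successful aa_change_profile() cannot be confirmed from here and is worth checking in the same pass. Returning -1 when the profile change fails is the right fail-closed result, provided the caller stops the worker rather than letting it continue without the intended confinement.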
