On Mon, May 4, 2026 at 4:14 AM Zygmunt Krynicki <[email protected]> wrote: > > get_current_exe_path() takes both an exe_file reference and a path > reference before resolving the path name. If aa_path_name() failed, it > returned immediately and leaked both references. > > Route the failure through the common cleanup path so fput() and path_put() > always run after the references are acquired. > > Fixes: 8d34e16f7f2b ("apparmor: userns: Add support for execpath in userns") > Signed-off-by: Zygmunt Krynicki <[email protected]> > --- > security/apparmor/task.c | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/security/apparmor/task.c b/security/apparmor/task.c > index 0db0e81b46001..6445cb5f85266 100644 > --- a/security/apparmor/task.c > +++ b/security/apparmor/task.c > @@ -313,9 +313,12 @@ static const char *get_current_exe_path(char *buffer, > int buffer_size) > p = exe_file->f_path; > path_get(&p); > > - if (aa_path_name(&p, FLAG_VIEW_SUBNS, buffer, &path_str, NULL, NULL)) > - return ERR_PTR(-ENOMEM); > + if (aa_path_name(&p, FLAG_VIEW_SUBNS, buffer, &path_str, NULL, NULL)) > { > + path_str = ERR_PTR(-ENOMEM); > + goto out; > + } > > +out: > fput(exe_file); > path_put(&p); > > -- > 2.53.0 > >
Reviewed-by: Ryan Lee <[email protected]>
