mqueue: fix mq_open() file descriptor leak on user-space processes
authorAndré Goddard Rosa <andre.goddard@gmail.com>
Tue, 23 Feb 2010 07:04:28 +0000 (04:04 -0300)
committerAl Viro <viro@zeniv.linux.org.uk>
Wed, 3 Mar 2010 19:46:05 +0000 (14:46 -0500)
We leak fd on lookup_one_len() failure

Signed-off-by: André Goddard Rosa <andre.goddard@gmail.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
ipc/mqueue.c

index c79bd57353e73e0e68af8ca8fe1c41da787c7a61..04985a7256c27f55c94e7c7c0afc0aa9ed959b42 100644 (file)
@@ -705,7 +705,7 @@ SYSCALL_DEFINE4(mq_open, const char __user *, u_name, int, oflag, mode_t, mode,
        dentry = lookup_one_len(name, ipc_ns->mq_mnt->mnt_root, strlen(name));
        if (IS_ERR(dentry)) {
                error = PTR_ERR(dentry);
-               goto out_err;
+               goto out_putfd;
        }
        mntget(ipc_ns->mq_mnt);
 
@@ -742,7 +742,6 @@ out:
        mntput(ipc_ns->mq_mnt);
 out_putfd:
        put_unused_fd(fd);
-out_err:
        fd = error;
 out_upsem:
        mutex_unlock(&ipc_ns->mq_mnt->mnt_root->d_inode->i_mutex);