Fix: runas check fd value before calling close()

A bug could cause an 'open' command to return no FD in which
case the initial value of '-1' would be used in the call to
close().

Reported-by: Coverity Scan (1395329 Improper use of negative value)
Signed-off-by: Jérémie Galarneau <jeremie.galarneau@efficios.com>

diff --git a/src/common/runas.c b/src/common/runas.c
index debc95926e7d04fa7989ca8f62bc2b85e0e8aaf6..f3adf7355444fe8a8961f1132151110b891fc4ba 100644 (file)
--- a/src/common/runas.c
+++ b/src/common/runas.c
@@ -466,6 +466,9 @@ int cleanup_received_fd(enum run_as_cmd cmd, int fd)
                return 0;
        }
 
+       if (fd < 0) {
+               return 0;
+       }
        ret = close(fd);
        if (ret < 0) {
                PERROR("close error");