In accesses_apply(), in the beginning of each iteration, check
that change_fd is a valid file descriptor if the current rule
is a modify rule. Return with -1 immediately if that is not the
case.
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
}
for (rule = handle->first; rule != NULL; rule = rule->next) {
+ /* Fail immediately without doing any further processing
+ if modify rules are not supported. */
+ if (rule->deny_code >= 0 && change_fd < 0) {
+ ret = -1;
+ goto err_out;
+ }
+
access_code_to_str(clear ? 0 : rule->allow_code, allow_str);
if (rule->deny_code != -1 && !clear) {
allow_str);
}
- if (ret < 0 || fd < 0) {
+ if (ret < 0) {
ret = -1;
goto err_out;
}