From c67225432969c8aadf3feea8104c0e245ef84486 Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Sun, 28 Feb 2021 09:48:09 +0100
Subject: [PATCH] restorecond: invalidate local_lock_fd properly when closing
 it

If flock(local_lock_fd,...) fails, in function local_server(), the file
descriptor to the lock file is closed but local_lock_fd is not reset to
-1. This leads to server() calling end_local_server(), which closes the
file descriptor again.

Fix this double-close issue by setting local_lock_fd to -1 after closing
it.

This issue was found by using Facebook's Infer static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 restorecond/user.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/restorecond/user.c b/restorecond/user.c
index a24b8407..47b86823 100644
--- a/restorecond/user.c
+++ b/restorecond/user.c
@@ -230,9 +230,10 @@ static int local_server(void) {
 		return -1;
 	}
 	if (flock(local_lock_fd, LOCK_EX | LOCK_NB) < 0) {
-		close(local_lock_fd);
 		if (debug_mode)
 			perror("flock");
+		close(local_lock_fd);
+		local_lock_fd = -1;
 		return -1;
 	}
 	/* watch for stdin/terminal going away */