restore: don't close mnt_ns_fd twice

CID 152114 (#1 of 1): Double close (USE_AFTER_FREE) 27. double_close: Calling try_clean_remaps(int) closes handle mnt_ns_fd which has already been closed.
avagin · Oct 5, 2015 · 9eaecc1 · 9eaecc1
1 parent 6fed774
commit 9eaecc1
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/cr-restore.c b/cr-restore.c
@@ -1858,12 +1858,14 @@ static int restore_root_task(struct pstree_item *init)
 	 */
 	task_entries->nr_threads -= atomic_read(&task_entries->nr_zombies);
 
-	if (mnt_ns_fd >= 0)
+	if (mnt_ns_fd >= 0) {
 		/*
 		 * Don't try_clean_remaps here, since restore went OK
 		 * and all ghosts were removed by the openers.
 		 */
 		close(mnt_ns_fd);
+		mnt_ns_fd = -1;
+	}
 	cleanup_mnt_ns();
 
 	ret = stop_usernsd();