From fd8043c5253de2c532a621b72e13deb778842f66 Mon Sep 17 00:00:00 2001
From: David Carlier <devnexen@gmail.com>
Date: Fri, 12 Nov 2021 07:36:06 +0000
Subject: [PATCH] fpm fix leaks for AppArmor based distros in case the profile
 creation fails.

---
 sapi/fpm/fpm/fpm_unix.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sapi/fpm/fpm/fpm_unix.c b/sapi/fpm/fpm/fpm_unix.c
index 02893b1d49872..55c3ada2bf508 100644
--- a/sapi/fpm/fpm/fpm_unix.c
+++ b/sapi/fpm/fpm/fpm_unix.c
@@ -425,16 +425,21 @@ int fpm_unix_init_child(struct fpm_worker_pool_s *wp) /* {{{ */
 		new_con = malloc(strlen(con) + strlen(wp->config->apparmor_hat) + 3); // // + 0 Byte
 		if (!new_con) {
 			zlog(ZLOG_SYSERROR, "[pool %s] failed to allocate memory for apparmor hat change.", wp->config->name);
+			free(con);
 			return -1;
 		}
 
 		if (0 > sprintf(new_con, "%s//%s", con, wp->config->apparmor_hat)) {
 			zlog(ZLOG_SYSERROR, "[pool %s] failed to construct apparmor confinement.", wp->config->name);
+			free(con);
+			free(new_con);
 			return -1;
 		}
 
 		if (0 > aa_change_profile(new_con)) {
 			zlog(ZLOG_SYSERROR, "[pool %s] failed to change to new confinement (%s). Please check if \"/proc/*/attr/current\" is read and writeable and \"change_profile -> %s//*\" is allowed.", wp->config->name, new_con, con);
+			free(con);
+			free(new_con);
 			return -1;
 		}