If mkstemp fails here, we end up closing a negative FD: int fd = mkstemp(filename); if (fd < 0) { virNWFilterReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("cannot create temporary file")); goto err_exit; } Here's the fix: From: Jim Meyering <meyering(a)redhat.com&gt; Date: Tue, 18 May 2010 10:11:23 +0200 Subject: [PATCH] ebiptablesWriteToTempFile: don't close a negative file descriptor * src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesWriteToTempFile): Skip the close if "fd" is negative. --- src/nwfilter/nwfilter_ebiptables_driver.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/src/nwfilter/nwfilter_ebiptables_driver.c b/src/nwfilter/nwfilter_ebiptables_driver.c index 63bcbd7..ae21906 100644 --- a/src/nwfilter/nwfilter_ebiptables_driver.c +++ b/src/nwfilter/nwfilter_ebiptables_driver.c @@ -2245,7 +2245,8 @@ ebiptablesWriteToTempFile(const char *string) { err_exit: VIR_FREE(header); - close(fd); + if (fd >= 0) + close(fd); unlink(filename); return NULL; } -- 1.7.1.250.g7d1e8