RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-02-03 03:12:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

policycoreutils: newrole: always initialize pw fields

Browse Source 
In extract_pw_data(), if "getpwuid(uid)" fails, the function returns an
error value without initializing main's pw.pw_name. This leads main() to
call "free(pw.pw_name)" on an uninitialized value.

Use memset() to initialize structure pw in main().

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2017-04-11 23:46:03 +02:00 committed by Stephen Smalley
parent bfe40222e2
commit 35af459220
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policycoreutils/newrole/newrole.c
View File

@ -1113,6 +1113,7 @@ int main(int argc, char *argv[])
* malicious software), not to authorize the operation (which is covered
* by policy). Trusted path mechanism would be preferred.
*/
memset(&pw, 0, sizeof(pw));
if (extract_pw_data(&pw))
goto err_free;