mirror of
https://github.com/SELinuxProject/selinux
synced 2025-02-03 03:12:17 +00:00
policycoreutils: newrole: always initialize pw fields
In extract_pw_data(), if "getpwuid(uid)" fails, the function returns an error value without initializing main's pw.pw_name. This leads main() to call "free(pw.pw_name)" on an uninitialized value. Use memset() to initialize structure pw in main(). This issue has been found using clang's static analyzer. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
parent
bfe40222e2
commit
35af459220
@ -1113,6 +1113,7 @@ int main(int argc, char *argv[])
|
||||
* malicious software), not to authorize the operation (which is covered
|
||||
* by policy). Trusted path mechanism would be preferred.
|
||||
*/
|
||||
memset(&pw, 0, sizeof(pw));
|
||||
if (extract_pw_data(&pw))
|
||||
goto err_free;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user