policycoreutils: newrole: always initialize pw fields

In extract_pw_data(), if "getpwuid(uid)" fails, the function returns an
error value without initializing main's pw.pw_name. This leads main() to
call "free(pw.pw_name)" on an uninitialized value.

Use memset() to initialize structure pw in main().

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2017-04-11 23:46:03 +02:00 committed by Stephen Smalley
parent bfe40222e2
commit 35af459220

View File

@ -1113,6 +1113,7 @@ int main(int argc, char *argv[])
* malicious software), not to authorize the operation (which is covered
* by policy). Trusted path mechanism would be preferred.
*/
memset(&pw, 0, sizeof(pw));
if (extract_pw_data(&pw))
goto err_free;