[1/1] libselinux: ensure that digest_len is not zero
diff mbox series

Message ID 20190805211302.28465-1-nicolas.iooss@m4x.org
State New
Headers show
Series
  • [1/1] libselinux: ensure that digest_len is not zero
Related show

Commit Message

Nicolas Iooss Aug. 5, 2019, 9:13 p.m. UTC
In add_xattr_entry(), if selabel_get_digests_all_partial_matches()
returns with digest_len = 0, the code gets executed as:

    sha1_buf = malloc(digest_len * 2 + 1);  /* Allocate 1 byte */

    /* ... */

    for (i = 0; i < digest_len; i++)  /* Do not do anything */
        sprintf((&sha1_buf[i * 2]), "%02x", xattr_digest[i]);

    /* ... */

    new_entry->digest = strdup(sha1_buf);  /* use of uninitiliazed content */

This is reported by some static code analyzers, even though in practise
digest_len should never be zero, and the call to sprintf() ensures that
the content of sha1_buf is initialized and terminated by '\0'.

Make sure to never call strdup() on an uninitialized string by verifying
that digest_len != 0.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libselinux/src/selinux_restorecon.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch
diff mbox series

diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
index 1be453f3b494..028d8924235f 100644
--- a/libselinux/src/selinux_restorecon.c
+++ b/libselinux/src/selinux_restorecon.c
@@ -309,7 +309,7 @@  static int add_xattr_entry(const char *directory, bool delete_nonmatch,
 						&calculated_digest,
 						&xattr_digest, &digest_len);
 
-	if (!xattr_digest) {
+	if (!xattr_digest || !digest_len) {
 		free(calculated_digest);
 		return 1;
 	}