[1/6] libselinux: do not dereference a NULL pointer when calloc() fails

Commit Message

Nicolas Iooss April 7, 2017, 8:44 p.m. UTC

selabel_is_digest_set() contains the following code:

        digest = calloc(1, sizeof(*digest));
        if (!digest)
            goto err;

    /* ... */

    err:
        free(digest->digest);

If calloc() failed, digest is NULL but is dereferenced when the
execution jumps to label err.

Check that digest is not NULL before freeing its fields.

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libselinux/src/label.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

Patch

diff --git a/libselinux/src/label.c b/libselinux/src/label.c
index 60639cfcfb74..3300ddc0ab31 100644
--- a/libselinux/src/label.c
+++ b/libselinux/src/label.c
@@ -191,9 +191,11 @@  static inline struct selabel_digest *selabel_is_digest_set
 	return NULL;
 
 err:
-	free(digest->digest);
-	free(digest->specfile_list);
-	free(digest);
+	if (digest) {
+		free(digest->digest);
+		free(digest->specfile_list);
+		free(digest);
+	}
 	return NULL;
 }