Message ID | 20190805211302.28465-1-nicolas.iooss@m4x.org (mailing list archive) |
---|---|
State | Accepted |
Headers | show |
Series | [1/1] libselinux: ensure that digest_len is not zero | expand |
On Mon, Aug 5, 2019 at 11:13 PM Nicolas Iooss <nicolas.iooss@m4x.org> wrote: > > In add_xattr_entry(), if selabel_get_digests_all_partial_matches() > returns with digest_len = 0, the code gets executed as: > > sha1_buf = malloc(digest_len * 2 + 1); /* Allocate 1 byte */ > > /* ... */ > > for (i = 0; i < digest_len; i++) /* Do not do anything */ > sprintf((&sha1_buf[i * 2]), "%02x", xattr_digest[i]); > > /* ... */ > > new_entry->digest = strdup(sha1_buf); /* use of uninitiliazed content */ > > This is reported by some static code analyzers, even though in practise > digest_len should never be zero, and the call to sprintf() ensures that > the content of sha1_buf is initialized and terminated by '\0'. > > Make sure to never call strdup() on an uninitialized string by verifying > that digest_len != 0. > > Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> Merged. > --- > libselinux/src/selinux_restorecon.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c > index 1be453f3b494..028d8924235f 100644 > --- a/libselinux/src/selinux_restorecon.c > +++ b/libselinux/src/selinux_restorecon.c > @@ -309,7 +309,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, > &calculated_digest, > &xattr_digest, &digest_len); > > - if (!xattr_digest) { > + if (!xattr_digest || !digest_len) { > free(calculated_digest); > return 1; > } > -- > 2.22.0 >
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c index 1be453f3b494..028d8924235f 100644 --- a/libselinux/src/selinux_restorecon.c +++ b/libselinux/src/selinux_restorecon.c @@ -309,7 +309,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch, &calculated_digest, &xattr_digest, &digest_len); - if (!xattr_digest) { + if (!xattr_digest || !digest_len) { free(calculated_digest); return 1; }
In add_xattr_entry(), if selabel_get_digests_all_partial_matches() returns with digest_len = 0, the code gets executed as: sha1_buf = malloc(digest_len * 2 + 1); /* Allocate 1 byte */ /* ... */ for (i = 0; i < digest_len; i++) /* Do not do anything */ sprintf((&sha1_buf[i * 2]), "%02x", xattr_digest[i]); /* ... */ new_entry->digest = strdup(sha1_buf); /* use of uninitiliazed content */ This is reported by some static code analyzers, even though in practise digest_len should never be zero, and the call to sprintf() ensures that the content of sha1_buf is initialized and terminated by '\0'. Make sure to never call strdup() on an uninitialized string by verifying that digest_len != 0. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org> --- libselinux/src/selinux_restorecon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)