Report of the static analyzer: DEREF_OF_NULL.EX After having been assigned to a NULL value at securetty.c:17, pointer 'buf' is dereferenced at securetty.c:15 by calling function 'strcmp'.
Corrections explained: 1. Added a check `buf != NULL` before calling `strcmp` to prevent dereferencing a NULL pointer. 2. The logic of the function remains unchanged: if `buf` is not NULL after the loop ends, it means either the file `/etc/securetty` was not found, it is empty, or a line matching `short_tty` was found. In all these cases, the function returns 1 (TTY is considered secure). Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov <[email protected]> --- libbb/securetty.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libbb/securetty.c b/libbb/securetty.c index 21354e2fa..effaa3b47 100644 --- a/libbb/securetty.c +++ b/libbb/securetty.c @@ -12,7 +12,7 @@ int FAST_FUNC is_tty_secure(const char *short_tty) char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */ parser_t *parser = config_open2("/etc/securetty", fopen_for_read); while (config_read(parser, &buf, 1, 1, "# \t", PARSE_NORMAL)) { - if (strcmp(buf, short_tty) == 0) + if (buf != NULL && strcmp(buf, short_tty) == 0) break; buf = NULL; } -- 2.30.2
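Review bot: The new `buf != NULL &&` test in the `while` body needs a justification that the guarded case can actually occur. The loop condition passes `&buf` to `config_read()` with both token-count arguments set to 1 immediately before the `strcmp`, so the `buf = NULL` from the previous iteration, which is the assignment the analyzer tracks, has already been handed back to the parser before `buf` is read again. Please state in the commit message whether `config_read()` can return nonzero while leaving `buf` NULL. If it cannot, the guard is dead code and the warning is better recorded as a false positive (or documented with a short comment next to `buf = NULL;`) than patched around. If it can, the guard is acceptable as written, since a NULL `buf` then falls through to `buf = NULL` and the next read, but this function decides whether a TTY is treated as secure, so the message should also say how the change was tested against an existing `/etc/securetty`.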
