Re: Re: [PATCH] libsepol: Prevent freeing unitialized value in ibendport handling
On 03/08/2018 04:34 PM, Nicolas Iooss wrote: On Wed, Mar 7, 2018 at 4:05 PM, James Carterwrote: Nicolas Iooss reports: In sepol_ibendport_key_create(), if sepol_ibendport_alloc_ibdev_name() fails to allocate tmp_key->ibdev_name, sepol_ibendport_key_free() is called to free the memory associated with tmp_key, which results in free() being called on uninitialized tmp_key->ibdev_name. This issue is reported by clang's static analyzer with the following message: ibendport_record.c:115:2: warning: 1st function call argument is an uninitialized value free(key->ibdev_name); ^ Signed-off-by: James Carter --- libsepol/src/ibendport_record.c | 7 ++- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/libsepol/src/ibendport_record.c b/libsepol/src/ibendport_record.c index 912aeb53..bc56f090 100644 --- a/libsepol/src/ibendport_record.c +++ b/libsepol/src/ibendport_record.c @@ -32,14 +32,11 @@ struct sepol_ibendport_key { int sepol_ibendport_alloc_ibdev_name(sepol_handle_t *handle, char **ibdev_name) { - char *tmp_ibdev_name = NULL; - - tmp_ibdev_name = calloc(1, IB_DEVICE_NAME_MAX); + *ibdev_name = calloc(1, IB_DEVICE_NAME_MAX); - if (!tmp_ibdev_name) + if (!*ibdev_name) goto omem; - *ibdev_name = tmp_ibdev_name; return STATUS_SUCCESS; omem: -- 2.13.6 This patch looks good to me and I confirm clang's static analyzer no longer reports the issue I had. Acked-by: Nicolas Iooss Thanks, Nicolas This has been applied. Jim -- James Carter National Security Agency
Re: [PATCH] libsepol: Prevent freeing unitialized value in ibendport handling
On Wed, Mar 7, 2018 at 4:05 PM, James Carterwrote: > Nicolas Iooss reports: > In sepol_ibendport_key_create(), if sepol_ibendport_alloc_ibdev_name() > fails to allocate tmp_key->ibdev_name, sepol_ibendport_key_free() is > called to free the memory associated with tmp_key, which results in > free() being called on uninitialized tmp_key->ibdev_name. > > This issue is reported by clang's static analyzer with the following > message: > > ibendport_record.c:115:2: warning: 1st function call argument is an > uninitialized value > free(key->ibdev_name); > ^ > > Signed-off-by: James Carter > --- > libsepol/src/ibendport_record.c | 7 ++- > 1 file changed, 2 insertions(+), 5 deletions(-) > > diff --git a/libsepol/src/ibendport_record.c b/libsepol/src/ibendport_record.c > index 912aeb53..bc56f090 100644 > --- a/libsepol/src/ibendport_record.c > +++ b/libsepol/src/ibendport_record.c > @@ -32,14 +32,11 @@ struct sepol_ibendport_key { > int sepol_ibendport_alloc_ibdev_name(sepol_handle_t *handle, > char **ibdev_name) > { > - char *tmp_ibdev_name = NULL; > - > - tmp_ibdev_name = calloc(1, IB_DEVICE_NAME_MAX); > + *ibdev_name = calloc(1, IB_DEVICE_NAME_MAX); > > - if (!tmp_ibdev_name) > + if (!*ibdev_name) > goto omem; > > - *ibdev_name = tmp_ibdev_name; > return STATUS_SUCCESS; > > omem: > -- > 2.13.6 > This patch looks good to me and I confirm clang's static analyzer no longer reports the issue I had. Acked-by: Nicolas Iooss Thanks, Nicolas
[PATCH] libsepol: Prevent freeing unitialized value in ibendport handling
Nicolas Iooss reports: In sepol_ibendport_key_create(), if sepol_ibendport_alloc_ibdev_name() fails to allocate tmp_key->ibdev_name, sepol_ibendport_key_free() is called to free the memory associated with tmp_key, which results in free() being called on uninitialized tmp_key->ibdev_name. This issue is reported by clang's static analyzer with the following message: ibendport_record.c:115:2: warning: 1st function call argument is an uninitialized value free(key->ibdev_name); ^ Signed-off-by: James Carter--- libsepol/src/ibendport_record.c | 7 ++- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/libsepol/src/ibendport_record.c b/libsepol/src/ibendport_record.c index 912aeb53..bc56f090 100644 --- a/libsepol/src/ibendport_record.c +++ b/libsepol/src/ibendport_record.c @@ -32,14 +32,11 @@ struct sepol_ibendport_key { int sepol_ibendport_alloc_ibdev_name(sepol_handle_t *handle, char **ibdev_name) { - char *tmp_ibdev_name = NULL; - - tmp_ibdev_name = calloc(1, IB_DEVICE_NAME_MAX); + *ibdev_name = calloc(1, IB_DEVICE_NAME_MAX); - if (!tmp_ibdev_name) + if (!*ibdev_name) goto omem; - *ibdev_name = tmp_ibdev_name; return STATUS_SUCCESS; omem: -- 2.13.6