In extract_pw_data(), if "getpwuid(uid)" fails, the function returns an error value without initializing main's pw.pw_name. This leads main() to call "free(pw.pw_name)" on an uninitialized value.
Use memset() to initialize structure pw in main(). This issue has been found using clang's static analyzer. Signed-off-by: Nicolas Iooss <[email protected]> --- policycoreutils/newrole/newrole.c | 1 + 1 file changed, 1 insertion(+) diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c index bed92e4e7494..077496d3b64d 100644 --- a/policycoreutils/newrole/newrole.c +++ b/policycoreutils/newrole/newrole.c @@ -1113,6 +1113,7 @@ int main(int argc, char *argv[]) * malicious software), not to authorize the operation (which is covered * by policy). Trusted path mechanism would be preferred. */ + memset(&pw, 0, sizeof(pw)); if (extract_pw_data(&pw)) goto err_free; -- 2.12.0
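Review bot: the memset() added immediately before extract_pw_data(&pw) in main() only protects paths that reach this line; if any earlier branch in main() can jump to err_free, free(pw.pw_name) would still operate on an uninitialized pointer. Zero-initializing pw where it is declared would cover every path to err_free, and having extract_pw_data() clear its output argument on entry would make its error return safe for any caller instead of relying on this one call site.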
