Blame SOURCES/libcap-static-analysis-fix.patch

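diff --color -ru a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
--- a/pam_cap/pam_cap.c	2021-02-05 06:52:17.000000000 +0100
+++ b/pam_cap/pam_cap.c	2021-04-23 09:48:00.091122637 +0200
@@ -218,7 +218,7 @@
 	if (!cap_set_proc(cap_s)) {
 	    ok = 1;
 	}
-	goto cleanup_cap_s;
+	goto cleanup_conf;
     }
 
     iab = cap_iab_from_text(conf_caps);
@@ -238,10 +238,9 @@
     _pam_drop(conf_caps);
 
 cleanup_cap_s:
-    if (cap_s) {
-	cap_free(cap_s);
-	cap_s = NULL;
-    }
+    cap_free(cap_s);
+    cap_s = NULL;
+
     return ok;
 }
 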
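Review bot: The now-unconditional `cap_free(cap_s)` under `cleanup_cap_s:` relies on cap_free() accepting a NULL argument, and nothing in the hunk records that. If any path can reach the label with cap_s unset, a short comment such as `/* cap_free() is a no-op on NULL */` would keep the assumption that the removed guard used to make explicit; confirm it against the libcap version this patch targets. The `cleanup_conf` label that the first hunk now jumps to lies outside the visible lines, so whether it releases conf_caps and then falls through to `cleanup_cap_s` cannot be checked from here.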
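diff --color -ru a/progs/capsh.c b/progs/capsh.c
--- a/progs/capsh.c	2021-02-05 06:52:17.000000000 +0100
+++ b/progs/capsh.c	2021-04-23 09:48:00.095122691 +0200
@@ -336,8 +336,8 @@
  */
 static char *find_self(const char *arg0)
 {
-    int i;
-    char *parts, *dir, *scratch;
+    int i, status=1;
+    char *p = NULL, *parts, *dir, *scratch;
     const char *path;
 
     for (i = strlen(arg0)-1; i >= 0 && arg0[i] != '/'; i--);
@@ -352,21 +352,45 @@
     }
 
     parts = strdup(path);
+    if (parts == NULL) {
+        fprintf(stderr, "insufficient memory for parts of path\n");
+	exit(1);
+    }
+
     scratch = malloc(2+strlen(path)+strlen(arg0));
-    if (parts == NULL || scratch == NULL) {
+    if (scratch == NULL) {
         fprintf(stderr, "insufficient memory for path building\n");
-	exit(1);
+	goto free_parts;
     }
 
-    for (i=0; (dir = strtok(parts, ":")); parts = NULL) {
+    for (p = parts; (dir = strtok(p, ":")); p = NULL) {
         sprintf(scratch, "%s/%s", dir, arg0);
 	if (access(scratch, X_OK) == 0) {
-            return scratch;
+	    status = 0;
+	    break;
 	}
     }
+    if (status) {
+	fprintf(stderr, "unable to find executable '%s' in PATH\n", arg0);
+	free(scratch);
+    }
+
+free_parts:
+    free(parts);
+    if (status) {
+	exit(status);
+    }
+    return scratch;
+}
 
-    fprintf(stderr, "unable to find executable '%s' in PATH\n", arg0);
-    exit(1);
+static long safe_sysconf(int name)
+{
+    long ans = sysconf(name);
+    if (ans <= 0) {
+	fprintf(stderr, "sysconf(%d) returned a non-positive number: %ld\n", name, ans);
+	exit(1);
+    }
+    return ans;
 }
 
 int main(int argc, char *argv[], char *envp[])
@@ -617,7 +641,9 @@
 	     * Given we are now in a new directory tree, its good practice
 	     * to start off in a sane location
 	     */
-	    status = chdir("/");
+	    if (status == 0) {
+		status = chdir("/");
+	    }
 
 	    cap_free(orig);
 
@@ -718,14 +744,14 @@
 	  gid_t *group_list;
 	  int g_count;
 
-	  length = sysconf(_SC_GETGR_R_SIZE_MAX);
+	  length = safe_sysconf(_SC_GETGR_R_SIZE_MAX);
 	  buf = calloc(1, length);
 	  if (NULL == buf) {
 	    fprintf(stderr, "No memory for [%s] operation\n", argv[i]);
 	    exit(1);
 	  }
 
-	  max_groups = sysconf(_SC_NGROUPS_MAX);
+	  max_groups = safe_sysconf(_SC_NGROUPS_MAX);
 	  group_list = calloc(max_groups, sizeof(gid_t));
 	  if (NULL == group_list) {
 	    fprintf(stderr, "No memory for gid list\n");
@@ -741,8 +767,7 @@
 	    }
 	    if (!isdigit(*ptr)) {
 	      struct group *g, grp;
-	      getgrnam_r(ptr, &grp, buf, length, &g);
-	      if (NULL == g) {
+	      if (getgrnam_r(ptr, &grp, buf, length, &g) || NULL == g) {
 		fprintf(stderr, "Failed to identify gid for group [%s]\n", ptr);
 		exit(1);
 	      }
@@ -835,6 +860,7 @@
 	    argv[argc] = NULL;
 	    execve(argv[i], argv+i, envp);
 	    fprintf(stderr, "execve '%s' failed!\n", argv[i]);
+	    free(argv[i]);
 	    exit(1);
 	} else if (!strncmp("--shell=", argv[i], 8)) {
 	    shell = argv[i]+8;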
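Review bot: `safe_sysconf()` treats every non-positive result as fatal, but POSIX lets sysconf() return -1 with errno left unchanged when a limit is simply indeterminate, so a libc that reports `_SC_GETGR_R_SIZE_MAX` that way would make the group-handling branch in main() exit instead of run. Setting `errno = 0;` before the call and exiting only when errno is set afterwards would separate a real failure from "no fixed limit". The indeterminate case then needs a fixed starting size for `buf` at the call site. Adding `strerror(errno)` to the message would also make the genuine-error case easier to diagnose. Whether capsh.c already includes <errno.h> and <string.h> is not visible in these hunks.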
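diff --color -ru a/psx/psx.c b/psx/psx.c
--- a/psx/psx.c	2021-02-05 06:52:17.000000000 +0100
+++ b/psx/psx.c	2021-04-23 09:48:00.095122691 +0200
@@ -454,6 +454,10 @@
 int __wrap_pthread_create(pthread_t *thread, const pthread_attr_t *attr,
 			  void *(*start_routine) (void *), void *arg) {
     psx_starter_t *starter = calloc(1, sizeof(psx_starter_t));
+    if (starter == NULL) {
+	perror("failed at thread creation");
+	exit(1);
+    }
     starter->fn = start_routine;
     starter->arg = arg;
     /*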
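Review bot: The new NULL check in `__wrap_pthread_create()` ends the whole process with `exit(1)` when the starter allocation fails, although the function it wraps reports resource shortage to its caller through its return code. Returning an error instead, for example `if (starter == NULL) return EAGAIN;`, would let a program linked against this wrapper handle the failure the same way it handles any other pthread_create() error. The function body continues past the end of the hunk, and whether psx.c already includes <errno.h> is not visible here.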