In extract_pw_data(), if "getpwuid(uid)" fails, the function returns an error value without initializing main's pw.pw_name. This leads main() to call "free(pw.pw_name)" on an uninitialized value. Use memset() to initialize structure pw in main(). This issue has been found using clang's static analyzer. Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> --- policycoreutils/newrole/newrole.c | 1 + 1 file changed, 1 insertion(+) diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c index bed92e4e7494..077496d3b64d 100644 --- a/policycoreutils/newrole/newrole.c +++ b/policycoreutils/newrole/newrole.c @@ -1113,6 +1113,7 @@ int main(int argc, char *argv[]) * malicious software), not to authorize the operation (which is covered * by policy). Trusted path mechanism would be preferred. */ + memset(&pw, 0, sizeof(pw)); if (extract_pw_data(&pw)) goto err_free; -- 2.12.0 _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
