On Mon, Aug 5, 2019 at 11:13 PM Nicolas Iooss <nicolas.iooss@xxxxxxx> wrote:
>
> In add_xattr_entry(), if selabel_get_digests_all_partial_matches()
> returns with digest_len = 0, the code gets executed as:
>
> sha1_buf = malloc(digest_len * 2 + 1); /* Allocate 1 byte */
>
> /* ... */
>
> for (i = 0; i < digest_len; i++) /* Do not do anything */
> sprintf((&sha1_buf[i * 2]), "%02x", xattr_digest[i]);
>
> /* ... */
>
> new_entry->digest = strdup(sha1_buf); /* use of uninitiliazed content */
>
> This is reported by some static code analyzers, even though in practise
> digest_len should never be zero, and the call to sprintf() ensures that
> the content of sha1_buf is initialized and terminated by '\0'.
>
> Make sure to never call strdup() on an uninitialized string by verifying
> that digest_len != 0.
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
Merged.
> ---
> libselinux/src/selinux_restorecon.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
> index 1be453f3b494..028d8924235f 100644
> --- a/libselinux/src/selinux_restorecon.c
> +++ b/libselinux/src/selinux_restorecon.c
> @@ -309,7 +309,7 @@ static int add_xattr_entry(const char *directory, bool delete_nonmatch,
> &calculated_digest,
> &xattr_digest, &digest_len);
>
> - if (!xattr_digest) {
> + if (!xattr_digest || !digest_len) {
> free(calculated_digest);
> return 1;
> }
> --
> 2.22.0
>
