On Mon, Apr 29, 2024 at 11:39 AM Christian Göttsche
<cgoettsche@xxxxxxxxxxxxx> wrote:
>
> From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> In case scandir(3) finds no entries still free the returned result to
> avoid leaking it.
>
> Also do not override errno in case of a failure.
>
> Reported.by: Cppcheck
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
> libselinux/src/booleans.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c
> index c557df65..1ede8e2d 100644
> --- a/libselinux/src/booleans.c
> +++ b/libselinux/src/booleans.c
> @@ -53,7 +53,11 @@ int security_get_boolean_names(char ***names, int *len)
>
> snprintf(path, sizeof path, "%s%s", selinux_mnt, SELINUX_BOOL_DIR);
> *len = scandir(path, &namelist, &filename_select, alphasort);
> - if (*len <= 0) {
> + if (*len < 0) {
> + return -1;
> + }
> + if (*len == 0) {
Changing this will allow scandir to fail and it continue, what's the point?
> + free(namelist);
> errno = ENOENT;
> return -1;
> }
> --
> 2.43.0
>
>
