On Fri, Oct 25, 2024 at 2:31 PM Vit Mojzis <vmojzis@xxxxxxxxxx> wrote: > > Fixes: > Error: IDENTICAL_BRANCHES (CWE-398): > libselinux-3.6/src/setexecfilecon.c:45: implicit_else: The code from the above if-then branch is identical to the code after the if statement. > libselinux-3.6/src/setexecfilecon.c:43: identical_branches: The same code is executed when the condition "rc < 0" is true or false, because the code in the if-then branch and after the if statement is identical. Should the if statement be removed? > \# 41| > \# 42| rc = setexeccon(newcon); > \# 43|-> if (rc < 0) > \# 44| goto out; > \# 45| out: > > Signed-off-by: Vit Mojzis <vmojzis@xxxxxxxxxx> For these two patches: Acked-by: James Carter <jwcart2@xxxxxxxxx> > --- > libselinux/src/setexecfilecon.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/libselinux/src/setexecfilecon.c b/libselinux/src/setexecfilecon.c > index 2c6505a9..4b31e775 100644 > --- a/libselinux/src/setexecfilecon.c > +++ b/libselinux/src/setexecfilecon.c > @@ -40,8 +40,6 @@ int setexecfilecon(const char *filename, const char *fallback_type) > } > > rc = setexeccon(newcon); > - if (rc < 0) > - goto out; > out: > > if (rc < 0 && security_getenforce() == 0) > -- > 2.47.0 > >
