Xext: selinux: fix possible NULL dereference

> ../Xext/xselinux_ext.c: In function ‘SELinuxSendItemsToClient’:
> ../Xext/xselinux_ext.c:358:18: warning: dereference of possibly-NULL ‘buf’ [CWE-690] [-Wanalyzer-possible-null-dereference]
>   358 |         buf[pos] = items[k].id;
>       |         ~~~~~~~~~^~~~~~~~~~~~~

> ../Xext/xselinux_ext.c: In function ‘SELinuxFreeItems’:
> ../Xext/xselinux_ext.c:335:9: warning: dereference of possibly-NULL ‘items’ [CWE-690] [-Wanalyzer-possible-null-dereference]
>   335 |         freecon(items[k].octx);
>       |         ^~~~~~~~~~~~~~~~~~~~~~

> ../Xext/xselinux_ext.c: In function ‘SELinuxPopulateItem’:
> ../Xext/xselinux_ext.c:321:11: warning: dereference of possibly-NULL ‘i’ [CWE-690] [-Wanalyzer-possible-null-dereference]
>   321 |     i->id = id;
>       |     ~~~~~~^~~~

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Enrico Weigelt, metux IT consult 2025-05-06 19:14:57 +02:00
parent 0e8ff0bf57
commit cd13a40667


@ -313,6 +313,8 @@ SELinuxPopulateItem(SELinuxListItemRec * i, PrivateRec ** privPtr, CARD32 id,
SELinuxObjectRec *obj = dixLookupPrivate(privPtr, objectKey); SELinuxObjectRec *obj = dixLookupPrivate(privPtr, objectKey);
SELinuxObjectRec *data = dixLookupPrivate(privPtr, dataKey); SELinuxObjectRec *data = dixLookupPrivate(privPtr, dataKey);
if (!i)
return BadValue;
if (avc_sid_to_context_raw(obj->sid, &i->octx) < 0) if (avc_sid_to_context_raw(obj->sid, &i->octx) < 0)
return BadValue; return BadValue;
if (avc_sid_to_context_raw(data->sid, &i->dctx) < 0) if (avc_sid_to_context_raw(data->sid, &i->dctx) < 0)
@ -331,6 +333,9 @@ SELinuxFreeItems(SELinuxListItemRec * items, int count)
{ {
int k; int k;
if (!items)
return;
for (k = 0; k < count; k++) { for (k = 0; k < count; k++) {
freecon(items[k].octx); freecon(items[k].octx);
freecon(items[k].dctx); freecon(items[k].dctx);
@ -348,6 +353,9 @@ SELinuxSendItemsToClient(ClientPtr client, SELinuxListItemRec * items,
goto out; goto out;
} }
if (!buf) // silence analyzer warning
goto sendreply;
/* Fill in the buffer */ /* Fill in the buffer */
for (k = 0; k < count; k++) { for (k = 0; k < count; k++) {
buf[pos] = items[k].id; buf[pos] = items[k].id;
@ -371,6 +379,7 @@ SELinuxSendItemsToClient(ClientPtr client, SELinuxListItemRec * items,
pos += items[k].dctx_len; pos += items[k].dctx_len;
} }
sendreply: ;
/* Send reply to client */ /* Send reply to client */
SELinuxListItemsReply rep = { SELinuxListItemsReply rep = {
.type = X_Reply, .type = X_Reply,
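Review bot: In SELinuxSendItemsToClient the new `if (!buf) goto sendreply;` still sends a reply when `buf` is NULL, and its comment (`// silence analyzer warning`) does not say when a NULL buffer is expected. The reply fields after `.type = X_Reply` are outside the hunk, but if they still carry the original length or count after a failed allocation, the client would be told to expect data that is never written, which could desynchronise the protocol stream. If NULL can only mean an empty list at this point, the comment should state that invariant, e.g. `/* buf may be NULL only when there is no data to send */`. If it can also mean allocation failure, the branch should take the error path used just above (the one ending in `goto out;`) rather than `sendreply`. The function starts before and continues after the visible hunks, so the allocation and the rest of the reply need checking there.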