Xext: selinux: fix possible NULL dereference
> ../Xext/xselinux_ext.c: In function ‘SELinuxSendItemsToClient’: > ../Xext/xselinux_ext.c:358:18: warning: dereference of possibly-NULL ‘buf’ [CWE-690] [-Wanalyzer-possible-null-dereference] > 358 | buf[pos] = items[k].id; > | ~~~~~~~~~^~~~~~~~~~~~~ > ../Xext/xselinux_ext.c: In function ‘SELinuxFreeItems’: > ../Xext/xselinux_ext.c:335:9: warning: dereference of possibly-NULL ‘items’ [CWE-690] [-Wanalyzer-possible-null-dereference] > 335 | freecon(items[k].octx); > | ^~~~~~~~~~~~~~~~~~~~~~ > ../Xext/xselinux_ext.c: In function ‘SELinuxPopulateItem’: > ../Xext/xselinux_ext.c:321:11: warning: dereference of possibly-NULL ‘i’ [CWE-690] [-Wanalyzer-possible-null-dereference] > 321 | i->id = id; > | ~~~~~~^~~~ Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
This commit is contained in:
		
							parent
							
								
									0e8ff0bf57
								
							
						
					
					
						commit
						cd13a40667
					
				|  | @ -313,6 +313,8 @@ SELinuxPopulateItem(SELinuxListItemRec * i, PrivateRec ** privPtr, CARD32 id, | ||||||
|     SELinuxObjectRec *obj = dixLookupPrivate(privPtr, objectKey); |     SELinuxObjectRec *obj = dixLookupPrivate(privPtr, objectKey); | ||||||
|     SELinuxObjectRec *data = dixLookupPrivate(privPtr, dataKey); |     SELinuxObjectRec *data = dixLookupPrivate(privPtr, dataKey); | ||||||
| 
 | 
 | ||||||
|  |     if (!i) | ||||||
|  |         return BadValue; | ||||||
|     if (avc_sid_to_context_raw(obj->sid, &i->octx) < 0) |     if (avc_sid_to_context_raw(obj->sid, &i->octx) < 0) | ||||||
|         return BadValue; |         return BadValue; | ||||||
|     if (avc_sid_to_context_raw(data->sid, &i->dctx) < 0) |     if (avc_sid_to_context_raw(data->sid, &i->dctx) < 0) | ||||||
|  | @ -331,6 +333,9 @@ SELinuxFreeItems(SELinuxListItemRec * items, int count) | ||||||
| { | { | ||||||
|     int k; |     int k; | ||||||
| 
 | 
 | ||||||
|  |     if (!items) | ||||||
|  |         return; | ||||||
|  | 
 | ||||||
|     for (k = 0; k < count; k++) { |     for (k = 0; k < count; k++) { | ||||||
|         freecon(items[k].octx); |         freecon(items[k].octx); | ||||||
|         freecon(items[k].dctx); |         freecon(items[k].dctx); | ||||||
|  | @ -348,6 +353,9 @@ SELinuxSendItemsToClient(ClientPtr client, SELinuxListItemRec * items, | ||||||
|         goto out; |         goto out; | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|  |     if (!buf) // silence analyzer warning
 | ||||||
|  |         goto sendreply; | ||||||
|  | 
 | ||||||
|     /* Fill in the buffer */ |     /* Fill in the buffer */ | ||||||
|     for (k = 0; k < count; k++) { |     for (k = 0; k < count; k++) { | ||||||
|         buf[pos] = items[k].id; |         buf[pos] = items[k].id; | ||||||
|  | @ -371,6 +379,7 @@ SELinuxSendItemsToClient(ClientPtr client, SELinuxListItemRec * items, | ||||||
|         pos += items[k].dctx_len; |         pos += items[k].dctx_len; | ||||||
|     } |     } | ||||||
| 
 | 
 | ||||||
|  | sendreply: ; | ||||||
|     /* Send reply to client */ |     /* Send reply to client */ | ||||||
|     SELinuxListItemsReply rep = { |     SELinuxListItemsReply rep = { | ||||||
|         .type = X_Reply, |         .type = X_Reply, | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue