#23 Free "tmp" lu_ent structure on certain failures in user.c
Opened 2 years ago by jhrozek. Modified 2 years ago

There are some cases where we should free tmp in user.c in case of a failure:

Error: RESOURCE_LEAK (CWE-772): [#def19]
libuser-0.62/lib/user.c:925: alloc_fn: Storage is returned from allocation function "lu_ent_new".
libuser-0.62/lib/entity.c:52:2: alloc_fn: Storage is returned from allocation function "g_malloc0".
libuser-0.62/lib/entity.c:52:2: var_assign: Assigning: "ent" = "g_malloc0(40UL)".
libuser-0.62/lib/entity.c:58:2: return_alloc: Returning allocated memory "ent".
libuser-0.62/lib/user.c:925: var_assign: Assigning: "tmp" = storage returned from "lu_ent_new()".
libuser-0.62/lib/user.c:927: noescape: Resource "tmp" is not freed or pointed-to in "lu_ent_copy".
libuser-0.62/lib/entity.c:311:51: noescape: "lu_ent_copy(struct lu_ent *, struct lu_ent *)" does not free or save its parameter "dest".
libuser-0.62/lib/user.c:983: leaked_storage: Variable "tmp" going out of scope leaks the storage it points to.
#  981|     case group_default:
#  982|         /* Make sure we have both name and boolean here. */
#  983|->       g_return_val_if_fail(sdata != NULL, FALSE);
#  984|         /* Run the checks and preps. */
#  985|         if (run_list(context, context->create_module_names,

Error: RESOURCE_LEAK (CWE-772): [#def20]
libuser-0.62/lib/user.c:925: alloc_fn: Storage is returned from allocation function "lu_ent_new".
libuser-0.62/lib/entity.c:52:2: alloc_fn: Storage is returned from allocation function "g_malloc0".
libuser-0.62/lib/entity.c:52:2: var_assign: Assigning: "ent" = "g_malloc0(40UL)".
libuser-0.62/lib/entity.c:58:2: return_alloc: Returning allocated memory "ent".
libuser-0.62/lib/user.c:925: var_assign: Assigning: "tmp" = storage returned from "lu_ent_new()".
libuser-0.62/lib/user.c:927: noescape: Resource "tmp" is not freed or pointed-to in "lu_ent_copy".
libuser-0.62/lib/entity.c:311:51: noescape: "lu_ent_copy(struct lu_ent *, struct lu_ent *)" does not free or save its parameter "dest".
libuser-0.62/lib/user.c:1062: leaked_storage: Variable "tmp" going out of scope leaks the storage it points to.
# 1060|     case group_setpass:
# 1061|         /* Make sure we have a valid password. */
# 1062|->       g_return_val_if_fail(sdata != NULL, FALSE);
# 1063|         /* no break: fall through */
# 1064|     case user_removepass:

Error: RESOURCE_LEAK (CWE-772): [#def22]
libuser-0.62/lib/user.c:925: alloc_fn: Storage is returned from allocation function "lu_ent_new".
libuser-0.62/lib/entity.c:52:2: alloc_fn: Storage is returned from allocation function "g_malloc0".
libuser-0.62/lib/entity.c:52:2: var_assign: Assigning: "ent" = "g_malloc0(40UL)".
libuser-0.62/lib/entity.c:58:2: return_alloc: Returning allocated memory "ent".
libuser-0.62/lib/user.c:925: var_assign: Assigning: "tmp" = storage returned from "lu_ent_new()".
libuser-0.62/lib/user.c:927: noescape: Resource "tmp" is not freed or pointed-to in "lu_ent_copy".
libuser-0.62/lib/entity.c:311:51: noescape: "lu_ent_copy(struct lu_ent *, struct lu_ent *)" does not free or save its parameter "dest".
libuser-0.62/lib/user.c:1091: leaked_storage: Variable "tmp" going out of scope leaks the storage it points to.
# 1089|     case groups_enumerate_by_user:
# 1090|         /* Make sure we have both name and ID here. */
# 1091|->       g_return_val_if_fail(sdata != NULL, FALSE);
# 1092|         if (id == users_enumerate_by_group)
# 1093|             ldata = convert_group_name_to_id(context, sdata,

Metadata Update from @jhrozek:
- Issue assigned to jhrozek

2 years ago

Login to comment on this ticket.

Metadata