Fix an issue found in Coverity scan

2018-10-22 17:00:26 +02:00 · 2018-10-22 17:00:26 +02:00 · 3a35fcb032
commit 3a35fcb032
parent c793aba174
2 changed files with 42 additions and 1 deletions
--- a/libpwquality-1.4.0-covscan.patch
+++ b/libpwquality-1.4.0-covscan.patch
@ -0,0 +1,32 @@
+From fbf963dde2cbe34dba1df269b9506f4a55c39357 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Mon, 22 Oct 2018 16:29:31 +0200
+Subject: [PATCH] Use calloc() instead of malloc() in distcalculate to
+ initialize the memory.
+
+---
+ src/check.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/check.c b/src/check.c
+index ac7cbd5..61218a7 100644
+--- a/src/check.c
+++ b/src/check.c
+@@ -96,12 +96,12 @@ distance(const char *old, const char *new)
+ 
+         m = strlen(old);
+         n = strlen(new);
+-        distances = malloc(sizeof(int*) * (m + 1));
+        distances = calloc(m + 1, sizeof(int*));
+         if (distances == NULL)
+                 return -1;
+ 
+         for (i = 0; i <= m; i++) {
+-                distances[i] = malloc(sizeof(int) * (n + 1));
+                distances[i] = calloc(n + 1, sizeof(int));
+                 if (distances[i] == NULL)
+                         goto allocfail;
+ 
+-- 
+2.14.5
+
--- a/libpwquality.spec
+++ b/libpwquality.spec
@ -15,12 +15,13 @@
 Summary: A library for password generation and password quality checking
 Name: libpwquality
 Version: 1.4.0
-Release: 10%{?dist}
+Release: 11%{?dist}
 # The package is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
 License: BSD or GPLv2+
 Group: System Environment/Base
 Source0: https://github.com/libpwquality/libpwquality/releases/download/libpwquality-%{version}/libpwquality-%{version}.tar.bz2
+Patch1: libpwquality-1.4.0-covscan.patch

 %global _pwqlibdir %{_libdir}
 %global _moduledir %{_libdir}/security
@ -32,8 +33,12 @@ BuildRequires: gcc
 BuildRequires: cracklib-devel
 BuildRequires: gettext
 BuildRequires: pam-devel
+%if %{with python2}
 BuildRequires: python2-devel
+%endif
+%if %{with python3}
 BuildRequires: python3-devel
+%endif

 URL: https://github.com/libpwquality/libpwquality/

@ -86,6 +91,7 @@ pronounceable passwords from Python applications.

 %prep
 %setup -q
+%patch1 -p1 -b .covscan

 %if %{with python3} && %{with python2}
 rm -rf %{py3dir}
@ -178,6 +184,9 @@ mkdir $RPM_BUILD_ROOT%{_secconfdir}/pwquality.conf.d
 %endif

 %changelog
+* Mon Oct 22 2018 Tomáš Mráz <tmraz@redhat.com> 1.4.0-11
+- Fix an issue found in Coverity scan
+
 * Tue Jul 31 2018 Florian Weimer <fweimer@redhat.com> - 1.4.0-10
 - Rebuild with fixed binutils