40 lines
1.3 KiB
Diff
40 lines
1.3 KiB
Diff
From 44760b7ef671b83eb7d1168b07d849d1d887b54f Mon Sep 17 00:00:00 2001
|
|
From: Petr Lautrbach <plautrba@redhat.com>
|
|
Date: Tue, 25 May 2021 14:55:02 +0200
|
|
Subject: [PATCH] libselinux/setexecfilecon: remove unnecessary if
|
|
|
|
Fixes:
|
|
Error: IDENTICAL_BRANCHES (CWE-398): [#def2]
|
|
libselinux/src/setexecfilecon.c:46: implicit_else: The code from the above if-then branch is identical to the code after the if statement.
|
|
libselinux/src/setexecfilecon.c:44: identical_branches: The same code is executed when the condition "rc < 0" is true or false, because the code in the if-then branch and after the if statement is identical. Should the if statement be removed?
|
|
# 42|
|
|
# 43| rc = setexeccon(newcon);
|
|
# 44|-> if (rc < 0)
|
|
# 45| goto out;
|
|
# 46| out:
|
|
|
|
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
---
|
|
libselinux/src/setexecfilecon.c | 5 ++---
|
|
1 file changed, 2 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/libselinux/src/setexecfilecon.c b/libselinux/src/setexecfilecon.c
|
|
index 2c6505a96a48..669d426065f6 100644
|
|
--- a/libselinux/src/setexecfilecon.c
|
|
+++ b/libselinux/src/setexecfilecon.c
|
|
@@ -40,9 +40,8 @@ int setexecfilecon(const char *filename, const char *fallback_type)
|
|
}
|
|
|
|
rc = setexeccon(newcon);
|
|
- if (rc < 0)
|
|
- goto out;
|
|
- out:
|
|
+
|
|
+ out:
|
|
|
|
if (rc < 0 && security_getenforce() == 0)
|
|
rc = 0;
|
|
--
|
|
2.32.0.rc1
|
|
|