SAST findings correspond to 'syslinux-6.04-0.26.el10: RHEL SAST Automation: address 13 High impact true positive(s)'

Resolves: #RHEL-51170

Signed-off-by: Leo Sandoval <lsandova@redhat.com>
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Leo Sandoval <lsandova@redhat.com>
Date: Tue, 27 Jan 2026 14:15:10 -0600
Subject: [PATCH] libinstaller/advio.c: deallocated string

Fixes:

Error: RESOURCE_LEAK (CWE-772): [#def26] [important]
syslinux-6.04-pre1/libinstaller/advio.c:104:5: alloc_arg: "asprintf" allocates memory that is stored into "file". [Note: The source code implementation of the function has been overridden by a builtin model.]
syslinux-6.04-pre1/libinstaller/advio.c:112:5: noescape: Resource "file" is not freed or pointed-to in "open". [Note: The source code implementation of the function has been overridden by a user model.]
syslinux-6.04-pre1/libinstaller/advio.c:132:6: noescape: Resource "file" is not freed or pointed-to in "open". [Note: The source code implementation of the function has been overridden by a user model.]
syslinux-6.04-pre1/libinstaller/advio.c:134:3: noescape: Resource "file" is not freed or pointed-to in "fprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
syslinux-6.04-pre1/libinstaller/advio.c:135:3: leaked_storage: Variable "file" going out of scope leaks the storage it points to.
# 133| if (fd < 0) {
# 134| fprintf(stderr, "Cannot open file '%s' in read/write mode !\nFatal error, exiting.\n", file);
# 135|-> return -EACCES;
# 136| } else if (fstat(fd, &xst) || xst.st_ino != st.st_ino ||
# 137| xst.st_dev != st.st_dev || xst.st_size != st.st_size) {

Signed-off-by: Leo Sandoval <lsandova@redhat.com>
---
libinstaller/advio.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libinstaller/advio.c b/libinstaller/advio.c
index e282e11c..65e70715 100644
--- a/libinstaller/advio.c
+++ b/libinstaller/advio.c
@@ -132,6 +132,8 @@ int write_adv(const char *path, const char *cfg)
fd = open(file, O_RDWR | O_SYNC);
if (fd < 0) {
fprintf(stderr, "Cannot open file '%s' in read/write mode !\nFatal error, exiting.\n", file);
+ if (file)
+ free(file);
return -EACCES;
} else if (fstat(fd, &xst) || xst.st_ino != st.st_ino ||
xst.st_dev != st.st_dev || xst.st_size != st.st_size) {
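Review bot: the `if (file)` guard added in front of `free(file);` is redundant and misleading. `free(NULL)` is a no-op, and by this point `file` has already been passed to `open()` and printed with `%s` in the `fprintf()` just above, so a NULL check here comes too late to protect anything. Suggest dropping the guard and calling `free(file);` unconditionally; if a failed allocation is the concern, the check belongs where `file` is allocated (the `asprintf` at advio.c:104 in the Coverity trace). The fix also covers only the `return -EACCES;` path that the scanner flagged. The `else if (fstat(fd, &xst) ...` branch that follows is only partly visible here, so please confirm that it and the remaining exits of `write_adv()` release `file` as well, ideally through one shared cleanup path, and state in the commit message which paths were audited.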