fix static analysis findings (RHEL-27043)

Resolves: RHEL-27043
2024-08-06 19:45:39 +02:00 · 2024-08-06 19:45:39 +02:00 · 74f0489487
commit 74f0489487
parent 6fcf2ff19a
2 changed files with 27 additions and 1 deletions
--- a/usermode-1.114-fix_sast.patch
+++ b/usermode-1.114-fix_sast.patch
@ -0,0 +1,21 @@
+diff -up usermode-1.114/gsmclient.c.fix_sast usermode-1.114/gsmclient.c
+--- usermode-1.114/gsmclient.c.fix_sast	2024-08-06 17:42:30.778556066 +0200
+++ usermode-1.114/gsmclient.c	2024-08-06 17:42:30.847556790 +0200
+@@ -182,6 +182,7 @@ gsm_client_init (GsmClient *client, gpoi
+   char pid_str[64];
+   int   empty_vector_len = 0;
+   char *empty_vector[] = { NULL };
+  gchar *gchptr;
+ 
+   (void)data;
+   client->priv = g_new (GsmClientPrivate, 1);
+@@ -198,7 +199,8 @@ gsm_client_init (GsmClient *client, gpoi
+    * with an empty proplist)
+    */
+   push_prop (client, smprop_new_string (GSM_CLIENT_PROPERTY_CURRENT_DIRECTORY,
+-                                        g_get_current_dir (), -1));
+                                        (gchptr=g_get_current_dir ()), -1));
+  g_free(gchptr);
+ 
+   g_snprintf (pid_str, sizeof (pid_str), "%d", (int) getpid ());
+   push_prop (client, smprop_new_string (GSM_CLIENT_PROPERTY_PROCESS_ID,
--- a/usermode.spec
+++ b/usermode.spec
@ -4,11 +4,12 @@
 Summary: Tools for certain user account management tasks
 Name: usermode
 Version: 1.114
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2+
 URL: https://pagure.io/%{name}/
 Source: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz
 Source1: config-util
+Patch1:  usermode-1.114-fix_sast.patch
 Requires: pam, passwd, util-linux
 # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/IJFYI5Q2BYZKIGDFS2WLOBDUSEGWHIKV/
 BuildRequires: make
@ -48,6 +49,7 @@ graphical tools for certain account management tasks.

 %prep
 %setup -q
+%patch -P 1 -p1 -b .fix_sast

 %build
 %configure --with-selinux --without-fexecve %{!?with_gtk:--without-gtk}
@ -108,6 +110,9 @@ done
 %endif

 %changelog
+* Tue Aug 06 2024 Michal Hlavinka <mhlavink@redhat.com> - 1.114-5
+- fix static analysis findings (RHEL-27043)
+
 * Thu Dec 09 2021 Jiri Kucera <jkucera@redhat.com> - 1.114-4
 - Rebuild with new annobin
  Related: #1984417