libselinux: do not dereference a NULL pointer when calloc() fails

selabel_is_digest_set() contains the following code:

        digest = calloc(1, sizeof(*digest));
        if (!digest)
            goto err;

    /* ... */

    err:
        free(digest->digest);

If calloc() failed, digest is NULL but is dereferenced when the
execution jumps to label err.

Check that digest is not NULL before freeing its fields.

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2017-04-07 22:44:26 +02:00 committed by Stephen Smalley
parent 682e01f79d
commit 55b5b7a646

View File

@ -191,9 +191,11 @@ static inline struct selabel_digest *selabel_is_digest_set
return NULL;
err:
free(digest->digest);
free(digest->specfile_list);
free(digest);
if (digest) {
free(digest->digest);
free(digest->specfile_list);
free(digest);
}
return NULL;
}