Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-8.10.z
Affects Version/s: rhel-8.0.0
Component/s: libuser
Labels:
None

Fixed in Build:
libuser-0.62-26.el8_10
Regression:
None
Severity:
None
Epic Link:
SSSD-7534

Pool Team:

rhel-sst-idm-sssd
Sub-System Group:

ssg_idm

Story Points:
2
ACKs Check:

QE ack, Dev ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
Pass
Testable Builds:
libuser-0.62-26.el8_10
Errata Link:
https://errata.engineering.redhat.com/advisory/137931
Test Coverage:
None

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Valid finding from SAST:

"Error: RESOURCE_LEAK (CWE-772):
libuser-0.63/lib/user.c:931: alloc_fn: Storage is returned from allocation function ""lu_ent_new"".
libuser-0.63/lib/user.c:931: var_assign: Assigning: ""tmp"" = storage returned from ""lu_ent_new()"".
libuser-0.63/lib/user.c:989: leaked_storage: Variable ""tmp"" going out of scope leaks the storage it points to.
#  987|       case group_default:
#  988|           /* Make sure we have both name and boolean here. */
#  989|->         g_return_val_if_fail(sdata != NULL, FALSE);
#  990|           /* Run the checks and preps. */
#  991|           if (run_list(context, context->create_module_names,"

"Error: RESOURCE_LEAK (CWE-772):
libuser-0.63/lib/user.c:931: alloc_fn: Storage is returned from allocation function ""lu_ent_new"".
libuser-0.63/lib/user.c:931: var_assign: Assigning: ""tmp"" = storage returned from ""lu_ent_new()"".
libuser-0.63/lib/user.c:1097: leaked_storage: Variable ""tmp"" going out of scope leaks the storage it points to.
# 1095|       case groups_enumerate_by_user:
# 1096|           /* Make sure we have both name and ID here. */
# 1097|->         g_return_val_if_fail(sdata != NULL, FALSE);
# 1098|           if (id == users_enumerate_by_group)
# 1099|               ldata = convert_group_name_to_id(context, sdata,"

"Error: RESOURCE_LEAK (CWE-772):
libuser-0.63/lib/user.c:931: alloc_fn: Storage is returned from allocation function ""lu_ent_new"".
libuser-0.63/lib/user.c:931: var_assign: Assigning: ""tmp"" = storage returned from ""lu_ent_new()"".
libuser-0.63/lib/user.c:1068: leaked_storage: Variable ""tmp"" going out of scope leaks the storage it points to.
# 1066|   	case group_setpass:
# 1067|   		/* Make sure we have a valid password. */
# 1068|-> 		g_return_val_if_fail(sdata != NULL, FALSE);
# 1069|   		/* no break: fall through */
# 1070|   	case user_removepass:"

is cloned by

RHEL-35693 libuser: Fix findings from static application security testing (SAST)

Closed

links to

RHBA-2024:137931 libuser update

Assignee:: Michal Hlavinka

Reporter:: Tomas Halman

Developer:: Tomas Halman

QA Contact:: Shridhar Gadekar

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/05/06 2:06 PM

Updated:: 2024/09/24 1:48 AM

Resolved:: 2024/09/24 1:48 AM

Release Date:: 2024/09/24

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates