- Bug
- Resolution: Done-Errata
- Normal
- rhel-9.0.0
- libuser-0.63-15.el9
- Low
- rhel-sst-cs-system-management
- ssg_core_services
- QE ack, Dev ack
Valid finding from SAST:
1. Error: RESOURCE_LEAK (CWE-772):
   libuser-0.63/lib/user.c:931: alloc_fn: Storage is returned from allocation function "lu_ent_new".
   libuser-0.63/lib/user.c:931: var_assign: Assigning: "tmp" = storage returned from "lu_ent_new()".
   libuser-0.63/lib/user.c:989: leaked_storage: Variable "tmp" going out of scope leaks the storage it points to.
   #  987|   case group_default:
   #  988|   /* Make sure we have both name and boolean here. */
   #  989|-> g_return_val_if_fail(sdata != NULL, FALSE);
   #  990|   /* Run the checks and preps. */
   #  991|   if (run_list(context, context->create_module_names,
2. Error: RESOURCE_LEAK (CWE-772):
   libuser-0.63/lib/user.c:931: alloc_fn: Storage is returned from allocation function "lu_ent_new".
   libuser-0.63/lib/user.c:931: var_assign: Assigning: "tmp" = storage returned from "lu_ent_new()".
   libuser-0.63/lib/user.c:1097: leaked_storage: Variable "tmp" going out of scope leaks the storage it points to.
   # 1095|   case groups_enumerate_by_user:
   # 1096|   /* Make sure we have both name and ID here. */
   # 1097|-> g_return_val_if_fail(sdata != NULL, FALSE);
   # 1098|   if (id == users_enumerate_by_group)
   # 1099|   ldata = convert_group_name_to_id(context, sdata,
3. Error: RESOURCE_LEAK (CWE-772):
   libuser-0.63/lib/user.c:931: alloc_fn: Storage is returned from allocation function "lu_ent_new".
   libuser-0.63/lib/user.c:931: var_assign: Assigning: "tmp" = storage returned from "lu_ent_new()".
   libuser-0.63/lib/user.c:1068: leaked_storage: Variable "tmp" going out of scope leaks the storage it points to.
   # 1066|   case group_setpass:
   # 1067|   /* Make sure we have a valid password. */
   # 1068|-> g_return_val_if_fail(sdata != NULL, FALSE);
   # 1069|   /* no break: fall through */
   # 1070|   case user_removepass:
- clones: RHEL-35578 libuser: Fix findings from static application security testing (SAST) (Closed)
- links to: RHBA-2024:137930 libuser bug fix and enhancement update