On Friday, July 13, 2012 09:28:37 AM Kent Yoder wrote:
> > diff -urp trousers-0.3.9.orig/src/tcs/tcs_evlog_imaem.c
> > trousers-0.3.9/src/tcs/tcs_evlog_imaem.c ---
> > trousers-0.3.9.orig/src/tcs/tcs_evlog_imaem.c 2011-05-04
> > 10:33:11.000000000 -0400 +++
> > trousers-0.3.9/src/tcs/tcs_evlog_imaem.c 2012-06-22 12:06:57.078740934
> > -0400 @@ -80,14 +80,19 @@ ima_get_entries_by_pcr(FILE *handle, UIN
> >
> > char page[IMA_READ_SIZE];
> > int error_path = 1, ptr = 0;
> > UINT32 copied_events = 0, i;
> >
> > - struct event_wrapper *list = calloc(1, sizeof(struct
> > event_wrapper)); + struct event_wrapper *list;
> >
> > struct event_wrapper *cur = list;
> > TSS_RESULT result = TCSERR(TSS_E_INTERNAL_ERROR);
> > FILE *fp = (FILE *) handle;
> > uint len;
> > char name[255];
> >
> > - if (list == NULL) {
> > + if (!fp) {
> > + perror("unable to open file\n");
> > + return 1;
> > + }
> > +
> > + if ((list = calloc(1, sizeof(struct event_wrapper))) == NULL) {
> >
> > LogError("malloc of %zd bytes failed.", sizeof(struct
> >event_wrapper)); return TCSERR(TSS_E_OUTOFMEMORY);
> > }
> >
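Review bot: `struct event_wrapper *cur = list;` still follows the now-uninitialized declaration `struct event_wrapper *list;`, so `cur` is copied from an indeterminate pointer and nothing in the visible lines reassigns it once the calloc() succeeds. Add `cur = list;` after the allocation check, or keep the original initializer. The relocated NULL check also keeps `return 1;` while the neighbouring exit returns `TCSERR(TSS_E_OUTOFMEMORY)`; returning a TCSERR() code there would be consistent with the rest of the function.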
> > @@ -97,10 +102,6 @@ ima_get_entries_by_pcr(FILE *handle, UIN
> >
> > goto free_list;
> > }
> >
> > - if (!fp) {
> > - perror("unable to open file\n");
> > - return 1;
> > - }
> >
> > rewind(fp);
> >
> > while (fread(page, 24, 1, fp)) {
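Review bot: Instead of deleting this `if (!fp)` block, consider leaving it at this position and changing `return 1;` to `goto free_list;`, the exit the context line just above it already uses. Assuming that label releases `list`, as its name suggests, this closes the missing-free path the analyzer reports without reordering the declarations in the first hunk, and `result` is already initialized to `TCSERR(TSS_E_INTERNAL_ERROR)` for that path.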
>
> The hunk above shouldn't be necessary. I'm guessing that the static
> analysis tool was fooled by the fact that we get here through a
> function pointer, but the fp arg is always checked prior to getting in
> here. This hunk also breaks the code where cur = list. I'll leave
> this hunk out.
Well, what it's doing is seeing that there is a check for fp being NULL. So, it
assumes that this is a possible value. And if that's the case, the calloc()
for list doesn't have a matching free() for list at this exit point.
Just placing a free for list in the error exit would make the analyser happy.
But I thought if fp was NULL and we are going to exit, why call calloc() in
the first place?
-Steve