libcap/backport-Address-some-static-analysis-observations.patch

From a044d8b496ef598c61f0634172c742bd52ccf776 Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Fri, 15 Nov 2024 07:26:42 -0800
Subject: [PATCH] Address some static analysis observations.

These were reported by Carlos Rodriguez-Fernandez with respect
to some analysis performed on the Fedora libcap-2.71 package.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
 libcap/execable.h | 1 +
 pam_cap/pam_cap.c | 6 +++++-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/libcap/execable.h b/libcap/execable.h
index 7a2d247..89e61a3 100644
--- a/libcap/execable.h
+++ b/libcap/execable.h
@@ -38,6 +38,7 @@ static void __execable_parse_args(int *argc_p, char ***argv_p)
 	    char *new_mem = realloc(mem, size+1);
 	    if (new_mem == NULL) {
 		perror("unable to parse arguments");
+		fclose(f);
 		if (mem != NULL) {
 		    free(mem);
 		}
diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
index 3fe3b8c..24de329 100644
--- a/pam_cap/pam_cap.c
+++ b/pam_cap/pam_cap.c
@@ -170,7 +170,8 @@ static char *read_capabilities_for_user(const char *user, const char *source)
 
 	    int i;
 	    for (i=0; i < groups_n; i++) {
-		if (!strcmp(groups[i], line+1)) {
+		const char *g = groups[i];
+		if (g != NULL && !strcmp(g, line+1)) {
 		    D(("user group matched [%s]", line));
 		    found_one = 1;
 		    break;
@@ -283,6 +284,9 @@ static int set_capabilities(struct pam_cap_s *cs)
 	    goto cleanup_cap_s;
 	}
 	conf_caps = strdup(cs->fallback);
+	if (conf_caps == NULL) {
+	    goto cleanup_cap_s;
+	}
 	D(("user [%s] received fallback caps [%s]", cs->user, conf_caps));
     }
 
-- 
2.33.0