From f7e3aeaf41480a8cfd255dd198f16af9e5e99e5b Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Wed, 21 Apr 2021 20:08:50 -0700
Subject: [PATCH 3/3] Bug fixes identified by static code analysis.

Analysis and much of this commit was contributed by Zoltan
Fridrich of Redhat.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
 pam_cap/pam_cap.c |  9 ++++-----
 progs/capsh.c     | 30 ++++++++++++++++++++++--------
 2 files changed, 26 insertions(+), 13 deletions(-)

diff --git a/pam_cap/pam_cap.c b/pam_cap/pam_cap.c
index 6927f7b..5b48b06 100644
--- a/pam_cap/pam_cap.c
+++ b/pam_cap/pam_cap.c
@@ -218,7 +218,7 @@ static int set_capabilities(struct pam_cap_s *cs)
 	if (!cap_set_proc(cap_s)) {
 	    ok = 1;
 	}
-	goto cleanup_cap_s;
+	goto cleanup_conf;
     }
 
     iab = cap_iab_from_text(conf_caps);
@@ -238,10 +238,9 @@ cleanup_conf:
     _pam_drop(conf_caps);
 
 cleanup_cap_s:
-    if (cap_s) {
-	cap_free(cap_s);
-	cap_s = NULL;
-    }
+    cap_free(cap_s);
+    cap_s = NULL;
+
     return ok;
 }
 
diff --git a/progs/capsh.c b/progs/capsh.c
index a39ceeb..0507ea4 100644
--- a/progs/capsh.c
+++ b/progs/capsh.c
@@ -336,8 +336,8 @@ static void arg_change_amb(const char *arg_names, cap_flag_value_t set)
  */
 static char *find_self(const char *arg0)
 {
-    int i;
-    char *parts, *dir, *scratch;
+    int i, status=1;
+    char *p = NULL, *parts, *dir, *scratch;
     const char *path;
 
     for (i = strlen(arg0)-1; i >= 0 && arg0[i] != '/'; i--);
@@ -352,21 +352,35 @@ static char *find_self(const char *arg0)
     }
 
     parts = strdup(path);
+    if (parts == NULL) {
+        fprintf(stderr, "insufficient memory for parts of path\n");
+	exit(1);
+    }
+
     scratch = malloc(2+strlen(path)+strlen(arg0));
-    if (parts == NULL || scratch == NULL) {
+    if (scratch == NULL) {
         fprintf(stderr, "insufficient memory for path building\n");
-	exit(1);
+	goto free_parts;
     }
 
-    for (i=0; (dir = strtok(parts, ":")); parts = NULL) {
+    for (i=0, p = parts; (dir = strtok(p, ":")); p = NULL) {
         sprintf(scratch, "%s/%s", dir, arg0);
 	if (access(scratch, X_OK) == 0) {
-            return scratch;
+	    status = 0;
+	    break;
 	}
     }
+    if (status) {
+	fprintf(stderr, "unable to find executable '%s' in PATH\n", arg0);
+	free(scratch);
+    }
 
-    fprintf(stderr, "unable to find executable '%s' in PATH\n", arg0);
-    exit(1);
+free_parts:
+    free(parts);
+    if (status) {
+	exit(status);
+    }
+    return scratch;
 }
 
 int main(int argc, char *argv[], char *envp[])
-- 
2.42.0