From 1aed7ae945aafaeb253fc89a7ecedeaedf72654e Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Thu, 10 Jun 2021 13:05:03 +0200
Subject: [PATCH] useradd.c: fix covscan RESOURCE_LEAK

Error: RESOURCE_LEAK (CWE-772): [#def28]
shadow-4.8.1/src/useradd.c:1905: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
shadow-4.8.1/src/useradd.c:1905: var_assign: Assigning: "fd" = handle returned from "open("/var/log/faillog", 2)".
shadow-4.8.1/src/useradd.c:1906: noescape: Resource "fd" is not freed or pointed-to in "lseek".
shadow-4.8.1/src/useradd.c:1917: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
 1915|   		/* continue */
 1916|   	}
 1917|-> }
 1918|
 1919|   static void lastlog_reset (uid_t uid)

Error: RESOURCE_LEAK (CWE-772): [#def29]
shadow-4.8.1/src/useradd.c:1938: open_fn: Returning handle opened by "open". [Note: The source code implementation of the function has been overridden by a user model.]
shadow-4.8.1/src/useradd.c:1938: var_assign: Assigning: "fd" = handle returned from "open("/var/log/lastlog", 2)".
shadow-4.8.1/src/useradd.c:1939: noescape: Resource "fd" is not freed or pointed-to in "lseek".
shadow-4.8.1/src/useradd.c:1950: leaked_handle: Handle variable "fd" going out of scope leaks the handle.
 1948|   		/* continue */
 1949|   	}
 1950|-> }
 1951|
 1952|   static void tallylog_reset (const char *user_name)

Error: RESOURCE_LEAK (CWE-772): [#def30]
shadow-4.8.1/src/useradd.c:2109: alloc_fn: Storage is returned from allocation function "strdup".
shadow-4.8.1/src/useradd.c:2109: var_assign: Assigning: "bhome" = storage returned from "strdup(prefix_user_home)".
shadow-4.8.1/src/useradd.c:2131: noescape: Resource "bhome" is not freed or pointed-to in "strtok".
shadow-4.8.1/src/useradd.c:2207: leaked_storage: Variable "bhome" going out of scope leaks the storage it points to.
 2205|   		}
 2206|   #endif
 2207|-> 	}
 2208|   }
 2209|
---
 src/useradd.c | 41 ++++++++++++++++++++++++++++++++---------
 1 file changed, 32 insertions(+), 9 deletions(-)

diff --git a/src/useradd.c b/src/useradd.c
index 4248b62c..127177e2 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -1964,16 +1964,26 @@ static void faillog_reset (uid_t uid)
 	memzero (&fl, sizeof (fl));
 
 	fd = open (FAILLOG_FILE, O_RDWR);
-	if (   (-1 == fd)
-	    || (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
+	if (-1 == fd) {
+		fprintf (stderr,
+		         _("%s: failed to open the faillog file for UID %lu: %s\n"),
+		         Prog, (unsigned long) uid, strerror (errno));
+		SYSLOG ((LOG_WARN, "failed to open the faillog file for UID %lu", (unsigned long) uid));
+		return;
+	}
+	if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
 	    || (write (fd, &fl, sizeof (fl)) != (ssize_t) sizeof (fl))
-	    || (fsync (fd) != 0)
-	    || (close (fd) != 0)) {
+	    || (fsync (fd) != 0)) {
 		fprintf (stderr,
 		         _("%s: failed to reset the faillog entry of UID %lu: %s\n"),
 		         Prog, (unsigned long) uid, strerror (errno));
 		SYSLOG ((LOG_WARN, "failed to reset the faillog entry of UID %lu", (unsigned long) uid));
-		/* continue */
+	}
+	if (close (fd) != 0) {
+		fprintf (stderr,
+		         _("%s: failed to close the faillog file for UID %lu: %s\n"),
+		         Prog, (unsigned long) uid, strerror (errno));
+		SYSLOG ((LOG_WARN, "failed to close the faillog file for UID %lu", (unsigned long) uid));
 	}
 }
 
@@ -1997,17 +2007,29 @@ static void lastlog_reset (uid_t uid)
 	memzero (&ll, sizeof (ll));
 
 	fd = open (LASTLOG_FILE, O_RDWR);
-	if (   (-1 == fd)
-	    || (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
+	if (-1 == fd) {
+		fprintf (stderr,
+		         _("%s: failed to open the lastlog file for UID %lu: %s\n"),
+		         Prog, (unsigned long) uid, strerror (errno));
+		SYSLOG ((LOG_WARN, "failed to open the lastlog file for UID %lu", (unsigned long) uid));
+		return;
+	}
+	if (   (lseek (fd, offset_uid, SEEK_SET) != offset_uid)
 	    || (write (fd, &ll, sizeof (ll)) != (ssize_t) sizeof (ll))
-	    || (fsync (fd) != 0)
-	    || (close (fd) != 0)) {
+	    || (fsync (fd) != 0)) {
 		fprintf (stderr,
 		         _("%s: failed to reset the lastlog entry of UID %lu: %s\n"),
 		         Prog, (unsigned long) uid, strerror (errno));
 		SYSLOG ((LOG_WARN, "failed to reset the lastlog entry of UID %lu", (unsigned long) uid));
 		/* continue */
 	}
+	if (close (fd) != 0) {
+		fprintf (stderr,
+		         _("%s: failed to close the lastlog file for UID %lu: %s\n"),
+		         Prog, (unsigned long) uid, strerror (errno));
+		SYSLOG ((LOG_WARN, "failed to close the lastlog file for UID %lu", (unsigned long) uid));
+		/* continue */
+	}
 }
 
 static void tallylog_reset (const char *user_name)
@@ -2254,6 +2276,7 @@ static void create_home (void)
 			}
 			cp = strtok (NULL, "/");
 		}
+		free (bhome);
 
 		(void) chown (prefix_user_home, user_id, user_gid);
 		mode_t mode = getdef_num ("HOME_MODE",