| Message ID | 20241025183014.1826149-1-vmojzis@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 33ac7c960f9e |
| Headers | show |
| Series | [1/2] libselinux/setexecfilecon: Remove useless rc check | expand |
On Fri, Oct 25, 2024 at 2:31 PM Vit Mojzis <vmojzis@redhat.com> wrote: > > Fixes: > Error: IDENTICAL_BRANCHES (CWE-398): > libselinux-3.6/src/setexecfilecon.c:45: implicit_else: The code from the above if-then branch is identical to the code after the if statement. > libselinux-3.6/src/setexecfilecon.c:43: identical_branches: The same code is executed when the condition "rc < 0" is true or false, because the code in the if-then branch and after the if statement is identical. Should the if statement be removed? > \# 41| > \# 42| rc = setexeccon(newcon); > \# 43|-> if (rc < 0) > \# 44| goto out; > \# 45| out: > > Signed-off-by: Vit Mojzis <vmojzis@redhat.com> For these two patches: Acked-by: James Carter <jwcart2@gmail.com> > --- > libselinux/src/setexecfilecon.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/libselinux/src/setexecfilecon.c b/libselinux/src/setexecfilecon.c > index 2c6505a9..4b31e775 100644 > --- a/libselinux/src/setexecfilecon.c > +++ b/libselinux/src/setexecfilecon.c > @@ -40,8 +40,6 @@ int setexecfilecon(const char *filename, const char *fallback_type) > } > > rc = setexeccon(newcon); > - if (rc < 0) > - goto out; > out: > > if (rc < 0 && security_getenforce() == 0) > -- > 2.47.0 > >
On Mon, Oct 28, 2024 at 1:15 PM James Carter <jwcart2@gmail.com> wrote: > > On Fri, Oct 25, 2024 at 2:31 PM Vit Mojzis <vmojzis@redhat.com> wrote: > > > > Fixes: > > Error: IDENTICAL_BRANCHES (CWE-398): > > libselinux-3.6/src/setexecfilecon.c:45: implicit_else: The code from the above if-then branch is identical to the code after the if statement. > > libselinux-3.6/src/setexecfilecon.c:43: identical_branches: The same code is executed when the condition "rc < 0" is true or false, because the code in the if-then branch and after the if statement is identical. Should the if statement be removed? > > \# 41| > > \# 42| rc = setexeccon(newcon); > > \# 43|-> if (rc < 0) > > \# 44| goto out; > > \# 45| out: > > > > Signed-off-by: Vit Mojzis <vmojzis@redhat.com> > > For these two patches: > Acked-by: James Carter <jwcart2@gmail.com> > These two patches have been merged. Thanks, Jim > > --- > > libselinux/src/setexecfilecon.c | 2 -- > > 1 file changed, 2 deletions(-) > > > > diff --git a/libselinux/src/setexecfilecon.c b/libselinux/src/setexecfilecon.c > > index 2c6505a9..4b31e775 100644 > > --- a/libselinux/src/setexecfilecon.c > > +++ b/libselinux/src/setexecfilecon.c > > @@ -40,8 +40,6 @@ int setexecfilecon(const char *filename, const char *fallback_type) > > } > > > > rc = setexeccon(newcon); > > - if (rc < 0) > > - goto out; > > out: > > > > if (rc < 0 && security_getenforce() == 0) > > -- > > 2.47.0 > > > >
diff --git a/libselinux/src/setexecfilecon.c b/libselinux/src/setexecfilecon.c index 2c6505a9..4b31e775 100644 --- a/libselinux/src/setexecfilecon.c +++ b/libselinux/src/setexecfilecon.c @@ -40,8 +40,6 @@ int setexecfilecon(const char *filename, const char *fallback_type) } rc = setexeccon(newcon); - if (rc < 0) - goto out; out: if (rc < 0 && security_getenforce() == 0)
Fixes: Error: IDENTICAL_BRANCHES (CWE-398): libselinux-3.6/src/setexecfilecon.c:45: implicit_else: The code from the above if-then branch is identical to the code after the if statement. libselinux-3.6/src/setexecfilecon.c:43: identical_branches: The same code is executed when the condition "rc < 0" is true or false, because the code in the if-then branch and after the if statement is identical. Should the if statement be removed? \# 41| \# 42| rc = setexeccon(newcon); \# 43|-> if (rc < 0) \# 44| goto out; \# 45| out: Signed-off-by: Vit Mojzis <vmojzis@redhat.com> --- libselinux/src/setexecfilecon.c | 2 -- 1 file changed, 2 deletions(-)