Code cleanup

stevegrubb · stevegrubb · commit 2f1ac7a0fe57 · 2026-03-22T15:58:52.000-04:00
Initialized the netlink sender address structure before recvfrom() so the reply path no longer reads an uninitialized sockaddr_nl field during spoof checks.

Hardened auparse initialization and event iteration by removing the buffer-array dead nested assignment pattern and adding defensive checks around au-&gt;au_lo / lazy event-list allocation.

Tightened x2c() so it bails out when the caller does not provide two usable bytes, avoiding the scan-build path that treated the hex input as undefined.

Removed scan-build-reported dead assignments in syscall normalization by calling set_file_object() directly for the special fsetxattr, fchmod, and fchown cases, and by dropping the unused rc assignment before the "key" lookup.
diff --git a/auparse/auparse.c b/auparse/auparse.c
@@ -524,9 +524,10 @@ auparse_state_t *auparse_init(ausource_t source, const void *b)
 			if (bb == NULL)
 				goto bad_exit;
 			size = 0;
-			for (n = 0; (buf = bb[n]); n++) {
-				len = strlen(bb[n]);
-				if (bb[n][len-1] != '\n') {
+			for (n = 0; bb[n]; n++) {
+				buf = bb[n];
+				len = strlen(buf);
+				if (buf[len-1] != '\n') {
 					size += len + 1;
 				} else {
 					size += len;
@@ -1487,6 +1488,11 @@ static int au_auparse_next_event(auparse_state_t *au)
 	event_list_t *l;
 	au_event_t e;
 
+	if (au == NULL || au->au_lo == NULL) {
+		errno = EINVAL;
+		return -1;
+	}
+
 	/*
 	 * Deal with Python memory management issues where it issues a
 	 * auparse_destroy() call after an auparse_init() call but then wants
@@ -1500,8 +1506,11 @@ static int au_auparse_next_event(auparse_state_t *au)
 #ifdef	LOL_EVENTS_DEBUG01
 		if (debug) printf("Creating lol array\n");
 #endif	/* LOL_EVENTS_DEBUG01 */
-		au_lol_create(au->au_lo);
+		if (au_lol_create(au->au_lo) == NULL)
+			return -1;
 	}
+	if (au->au_lo->array == NULL)
+		return -1;
 
 	/*
 	 * First see if we have any empty events but with an allocated event
diff --git a/auparse/interpret.c b/auparse/interpret.c
@@ -148,6 +148,9 @@ static unsigned char x2c(const unsigned char *buf)
 	const char *ptr;
 	unsigned char total=0;
 
+	if (buf == NULL || buf[0] == 0 || buf[1] == 0)
+		return 0;
+
 	ptr = strchr(AsciiArray, (char)toupper(buf[0]));
 	if (ptr)
 		total = (unsigned char)(((ptr-AsciiArray) & 0x0F)<<4);
diff --git a/auparse/lru.c b/auparse/lru.c
@@ -297,19 +297,26 @@ static void free_qnode(Queue *queue, QNode *node)
 
 static void evict_lru(Queue *queue)
 {
+	QNode *node;
+
 	if (queue_is_empty(queue))
 		return;
-	free_qnode(queue, queue->end);
+
+	node = queue->end;
+	free_qnode(queue, node);
 	queue->evictions++;
 }
 
 // Remove from the end of the queue
 static void dequeue(Queue *queue)
 {
+	QNode *node;
+
 	if (queue_is_empty(queue))
 		return;
 
-	free_qnode(queue, queue->end);
+	node = queue->end;
+	free_qnode(queue, node);
 }
 
 
diff --git a/auparse/normalize.c b/auparse/normalize.c
@@ -634,24 +634,25 @@ static int normalize_syscall(auparse_state_t *au, const char *syscall)
 			act = "changed-file-attributes-of";
 			D.thing.what = NORM_WHAT_FILE; // this gets overridden
 			if (strcmp(syscall, "fsetxattr") == 0)
-				offset = -1;
-			set_file_object(au, offset);
+				set_file_object(au, -1);
+			else
+				set_file_object(au, offset);
 			simple_file_attr(au);
 			break;
 		case NORM_FILE_CHPERM:
 			act = "changed-file-permissions-of";
 			D.thing.what = NORM_WHAT_FILE; // this gets overridden
 			if (strcmp(syscall, "fchmod") == 0)
-				offset = -1;
+				set_file_object(au, -1);
+			else
+				set_file_object(au, offset);
 			collect_perm_obj2(au, syscall);
-			set_file_object(au, offset);
 			simple_file_attr(au);
 			break;
 		case NORM_FILE_CHOWN:
 			act = "changed-file-ownership-of";
 			D.thing.what = NORM_WHAT_FILE; // this gets overridden
 			if (strcmp(syscall, "fchown") == 0) {
-				offset = -1;
 				collect_own_obj2(au, syscall);
 				/* fchown has no cwd or path information */
 			} else {
@@ -978,7 +979,7 @@ static int normalize_syscall(auparse_state_t *au, const char *syscall)
 		default:
 			{
 				const char *k;
-				rc = auparse_first_record(au);
+				auparse_first_record(au);
 				k = auparse_find_field(au, "key");
 				if (k && strcmp(k, "(null)")) {
 					act = "triggered-audit-rule";
diff --git a/lib/netlink.c b/lib/netlink.c
@@ -77,7 +77,7 @@ void audit_close(int fd)
 int audit_get_reply(int fd, struct audit_reply *rep, reply_t block, int peek)
 {
 	int len;
-	struct sockaddr_nl nladdr;
+	struct sockaddr_nl nladdr = { 0 };
 	socklen_t nladdrlen = sizeof(nladdr);
 
 	if (fd < 0)
@@ -299,4 +299,3 @@ static int check_ack(int fd)
 	}
 	return 0;
 }
-

Original file line number	Diff line number	Diff line change
`@@ -297,19 +297,26 @@ static void free_qnode(Queue queue, QNode node)`
`297`	`297`
`298`	`298`	`static void evict_lru(Queue *queue)`
`299`	`299`	`{`
	`300`	`+ QNode *node;`
	`301`	`+`
`300`	`302`	`if (queue_is_empty(queue))`
`301`	`303`	`return;`
`302`		`- free_qnode(queue, queue->end);`
	`304`	`+`
	`305`	`+ node = queue->end;`
	`306`	`+ free_qnode(queue, node);`
`303`	`307`	`queue->evictions++;`
`304`	`308`	`}`
`305`	`309`
`306`	`310`	`// Remove from the end of the queue`
`307`	`311`	`static void dequeue(Queue *queue)`
`308`	`312`	`{`
	`313`	`+ QNode *node;`
	`314`	`+`
`309`	`315`	`if (queue_is_empty(queue))`
`310`	`316`	`return;`
`311`	`317`
`312`		`- free_qnode(queue, queue->end);`
	`318`	`+ node = queue->end;`
	`319`	`+ free_qnode(queue, node);`
`313`	`320`	`}`
`314`	`321`
`315`	`322`
Original file line number	Diff line number	Diff line change
`@@ -77,7 +77,7 @@ void audit_close(int fd)`
`77`	`77`	`int audit_get_reply(int fd, struct audit_reply *rep, reply_t block, int peek)`
`78`	`78`	`{`
`79`	`79`	`int len;`
`80`		`- struct sockaddr_nl nladdr;`
	`80`	`+ struct sockaddr_nl nladdr = { 0 };`
`81`	`81`	`socklen_t nladdrlen = sizeof(nladdr);`
`82`	`82`
`83`	`83`	`if (fd < 0)`
`@@ -299,4 +299,3 @@ static int check_ack(int fd)`
`299`	`299`	`}`
`300`	`300`	`return 0;`
`301`	`301`	`}`
`302`		`-`