X-Git-Url: http://gitweb.michael.orlitzky.com/?p=apply-default-acl.git;a=blobdiff_plain;f=src%2Flibadacl.c;fp=src%2Flibadacl.c;h=6f74004db57d40ce2be232b97971b0c3a250093c;hp=956063aa75ad0f4a5584fb5e3f22d0ea91f04b5f;hb=c16c09587fb3c8de6f9cab77e3c855dd0a81938d;hpb=94a6d5e4af8ca45916d1f576b51eb7fd688d00be

diff --git a/src/libadacl.c b/src/libadacl.c
index 956063a..6f74004 100644
--- a/src/libadacl.c
+++ b/src/libadacl.c
@@ -309,13 +309,20 @@ int acl_update_entry(acl_t aclp, acl_entry_t updated_entry) {
         }
       }
 
-      /* Otherwise, we have to have matching UIDs or GIDs. */
-      if (updated_tag == ACL_USER) {
+      /* Second, they could have matching UIDs. We don't really need to
+         check both tags here, since we know that they're equal. However,
+         clang-tidy can't figure that out, and the redundant equality
+         check prevents it from complaining about a potential null pointer
+         dereference. */
+      if (updated_tag == ACL_USER && existing_tag == ACL_USER) {
         qualifiers_match = ( *((uid_t*)existing_qualifier)
                              ==
                              *((uid_t*)updated_qualifier) );
       }
-      else if (updated_tag == ACL_GROUP) {
+
+      /* Third, they could have matching GIDs. See above for why
+         we check the redundant condition existing_tag == ACL_GROUP. */
+      if (updated_tag == ACL_GROUP && existing_tag == ACL_GROUP) {
         qualifiers_match = ( *((gid_t*)existing_qualifier)
                              ==
                              *((gid_t*)updated_qualifier) );
@@ -332,7 +339,7 @@ int acl_update_entry(acl_t aclp, acl_entry_t updated_entry) {
           goto cleanup;
         }
 
-	result = ACL_SUCCESS;
+        result = ACL_SUCCESS;
         goto cleanup;
       }
     }