From 62844f5f2d280403511c4741226b39843955c08c Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Tue, 11 Dec 2018 00:16:21 -0500
Subject: [PATCH] stc/libadacl.c: use a "cleanup" routine in
 acl_update_entry().

This is in preparation for comparing the qualifiers of the given and
existing ACL entries. Since acl_get_qualifier() can allocate memory,
we need to be sure that memory gets freed, even if an error occurs. A
"cleanup" routine and liberal use of "goto" is the standard pattern
throughout the rest of the library to deal with that problem.
---
 src/libadacl.c | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/src/libadacl.c b/src/libadacl.c
index 4ca60c0..5bca89f 100644
--- a/src/libadacl.c
+++ b/src/libadacl.c
@@ -259,39 +259,47 @@ int acl_update_entry(acl_t aclp, acl_entry_t entry) {
     return ACL_ERROR;
   }
 
+  /* Our return value. Default to failure, and change to success if we
+     actually update something. */
+  int result = ACL_FAILURE;
+
   acl_entry_t existing_entry;
   /* Loop through the given ACL looking for matching entries. */
-  int result = acl_get_entry(aclp, ACL_FIRST_ENTRY, &existing_entry);
+  int get_entry_result = acl_get_entry(aclp, ACL_FIRST_ENTRY, &existing_entry);
 
-  while (result == ACL_SUCCESS) {
+  while (get_entry_result == ACL_SUCCESS) {
     acl_tag_t existing_tag = ACL_UNDEFINED_TAG;
 
     if (acl_get_tag_type(existing_entry, &existing_tag) == ACL_ERROR) {
        perror("set_acl_tag_permset (acl_get_tag_type)");
-       return ACL_ERROR;
+       result = ACL_ERROR;
+       goto cleanup;
     }
 
     if (existing_tag == entry_tag) {
       /* If we update something, we're done and return ACL_SUCCESS */
       if (acl_set_permset(existing_entry, entry_permset) == ACL_ERROR) {
-        perror("acl_update_entry (acl_set_permset)");
-        return ACL_ERROR;
+	perror("acl_update_entry (acl_set_permset)");
+	result = ACL_ERROR;
+	goto cleanup;
       }
 
-      return ACL_SUCCESS;
+      result = ACL_SUCCESS;
+      goto cleanup;
     }
 
-    result = acl_get_entry(aclp, ACL_NEXT_ENTRY, &existing_entry);
+    get_entry_result = acl_get_entry(aclp, ACL_NEXT_ENTRY, &existing_entry);
   }
 
   /* This catches both the initial acl_get_entry and the ones at the
      end of the loop. */
-  if (result == ACL_ERROR) {
+  if (get_entry_result == ACL_ERROR) {
     perror("acl_update_entry (acl_get_entry)");
-    return ACL_ERROR;
+    result = ACL_ERROR;
   }
 
-  return ACL_FAILURE;
+ cleanup:
+  return result;
 }
 
 
-- 
2.43.2