coverity scan

3 files changed, 6 insertions, 0 deletions

diff --git a/src/firejail/fs_logger.c b/src/firejail/fs_logger.c
index 4bf24e749..f735b1489 100644
--- a/src/firejail/fs_logger.c
+++ b/src/firejail/fs_logger.c
@@ -163,6 +163,7 @@ void fs_logger_print_log(pid_t pid) {
                 exit(1);
         }
 
+        /* coverity[toctou] */
         FILE *fp = fopen(fname, "r");
         if (!fp) {
                 printf("Cannot open filesystem log.\n");
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index f8cce219e..e0187981b 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -582,6 +582,9 @@ void fs_whitelist(void) {
                         errExit("mount tmpfs");
         }
 
+        if (new_name)
+                free(new_name);
+                
         return;
 
 errexit:
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c
index ec65005ba..1b4058987 100644
--- a/src/firejail/restrict_users.c
+++ b/src/firejail/restrict_users.c
@@ -121,6 +121,7 @@ static void sanitize_passwd(void) {
         fs_build_mnt_dir();
 
         // open files
+        /* coverity[toctou] */
         fpin = fopen("/etc/passwd", "r");
         if (!fpin)
                 goto errout;
@@ -253,6 +254,7 @@ static void sanitize_group(void) {
         fs_build_mnt_dir();
 
         // open files
+        /* coverity[toctou] */
         fpin = fopen("/etc/group", "r");
         if (!fpin)
                 goto errout;