| Message ID | 20201004142422.5717-1-trix@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | apparmor: fix error check | expand |
On Sun, Oct 4, 2020 at 7:24 AM <trix@redhat.com> wrote: > > From: Tom Rix <trix@redhat.com> > > clang static analysis reports this representative problem: > > label.c:1463:16: warning: Assigned value is garbage or undefined > label->hname = name; > ^ ~~~~ Right, so if aa_label_acntsxprint() fails, it won't assign to its first param. In the caller, this means assigning uninitialized memory (UB) when aa_label_acntsxprint() returns -ENOMEM for example. Thanks for the patch. Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> > > In aa_update_label_name(), this the problem block of code > > if (aa_label_acntsxprint(&name, ...) == -1) > return res; > > On failure, aa_label_acntsxprint() has a more complicated return > that just -1. So check for a negative return. > > It was also noted that the aa_label_acntsxprint() main comment refers > to a nonexistent parameter, so clean up the comment. > > Fixes: f1bd904175e8 ("apparmor: add the base fns() for domain labels") > Signed-off-by: Tom Rix <trix@redhat.com> > --- > security/apparmor/label.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/security/apparmor/label.c b/security/apparmor/label.c > index e68bcedca976..6222fdfebe4e 100644 > --- a/security/apparmor/label.c > +++ b/security/apparmor/label.c > @@ -1454,7 +1454,7 @@ bool aa_update_label_name(struct aa_ns *ns, struct aa_label *label, gfp_t gfp) > if (label->hname || labels_ns(label) != ns) > return res; > > - if (aa_label_acntsxprint(&name, ns, label, FLAGS_NONE, gfp) == -1) > + if (aa_label_acntsxprint(&name, ns, label, FLAGS_NONE, gfp) < 0) > return res; > > ls = labels_set(label); > @@ -1704,7 +1704,7 @@ int aa_label_asxprint(char **strp, struct aa_ns *ns, struct aa_label *label, > > /** > * aa_label_acntsxprint - allocate a __counted string buffer and print label > - * @strp: buffer to write to. (MAY BE NULL if @size == 0) > + * @strp: buffer to write to. > * @ns: namespace profile is being viewed from > * @label: label to view (NOT NULL) > * @flags: flags controlling what label info is printed > -- > 2.18.1 > > -- > You received this message because you are subscribed to the Google Groups "Clang Built Linux" group. > To unsubscribe from this group and stop receiving emails from it, send an email to clang-built-linux+unsubscribe@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/msgid/clang-built-linux/20201004142422.5717-1-trix%40redhat.com.
On 10/4/20 7:24 AM, trix@redhat.com wrote: > From: Tom Rix <trix@redhat.com> > > clang static analysis reports this representative problem: > > label.c:1463:16: warning: Assigned value is garbage or undefined > label->hname = name; > ^ ~~~~ > > In aa_update_label_name(), this the problem block of code > > if (aa_label_acntsxprint(&name, ...) == -1) > return res; > > On failure, aa_label_acntsxprint() has a more complicated return > that just -1. So check for a negative return. > > It was also noted that the aa_label_acntsxprint() main comment refers > to a nonexistent parameter, so clean up the comment. > > Fixes: f1bd904175e8 ("apparmor: add the base fns() for domain labels") > Signed-off-by: Tom Rix <trix@redhat.com> > --- > security/apparmor/label.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/security/apparmor/label.c b/security/apparmor/label.c > index e68bcedca976..6222fdfebe4e 100644 > --- a/security/apparmor/label.c > +++ b/security/apparmor/label.c > @@ -1454,7 +1454,7 @@ bool aa_update_label_name(struct aa_ns *ns, struct aa_label *label, gfp_t gfp) > if (label->hname || labels_ns(label) != ns) > return res; > > - if (aa_label_acntsxprint(&name, ns, label, FLAGS_NONE, gfp) == -1) > + if (aa_label_acntsxprint(&name, ns, label, FLAGS_NONE, gfp) < 0) > return res; > > ls = labels_set(label); > @@ -1704,7 +1704,7 @@ int aa_label_asxprint(char **strp, struct aa_ns *ns, struct aa_label *label, > > /** > * aa_label_acntsxprint - allocate a __counted string buffer and print label > - * @strp: buffer to write to. (MAY BE NULL if @size == 0) > + * @strp: buffer to write to. > * @ns: namespace profile is being viewed from > * @label: label to view (NOT NULL) > * @flags: flags controlling what label info is printed > sorry it seems I missed replying to this. This patch has been pulled into apparmor-next
diff --git a/security/apparmor/label.c b/security/apparmor/label.c index e68bcedca976..6222fdfebe4e 100644 --- a/security/apparmor/label.c +++ b/security/apparmor/label.c @@ -1454,7 +1454,7 @@ bool aa_update_label_name(struct aa_ns *ns, struct aa_label *label, gfp_t gfp) if (label->hname || labels_ns(label) != ns) return res; - if (aa_label_acntsxprint(&name, ns, label, FLAGS_NONE, gfp) == -1) + if (aa_label_acntsxprint(&name, ns, label, FLAGS_NONE, gfp) < 0) return res; ls = labels_set(label); @@ -1704,7 +1704,7 @@ int aa_label_asxprint(char **strp, struct aa_ns *ns, struct aa_label *label, /** * aa_label_acntsxprint - allocate a __counted string buffer and print label - * @strp: buffer to write to. (MAY BE NULL if @size == 0) + * @strp: buffer to write to. * @ns: namespace profile is being viewed from * @label: label to view (NOT NULL) * @flags: flags controlling what label info is printed