| Message ID | 20211224150739.3278019-1-trix@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | selinux: initialize proto variable in selinux_ip_postroute_compat() | expand |
On Fri, Dec 24, 2021 at 10:07 AM <trix@redhat.com> wrote: > > From: Tom Rix <trix@redhat.com> > > Clang static analysis reports this warning > > hooks.c:5765:6: warning: 4th function call argument is an uninitialized value > if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > selinux_parse_skb() can return ok without setting proto. The later call > to selinux_xfrm_postroute_last() does an early check of proto and can > return ok is the garbage proto value matches. So initialize proto. > > Fixes: eef9b41622f2 ("selinux: cleanup selinux_xfrm_sock_rcv_skb() and selinux_xfrm_postroute_last()") > Signed-off-by: Tom Rix <trix@redhat.com> > --- > security/selinux/hooks.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Thanks Tom. I don't think this is something that could be easily triggered on a normal system, even if the compatibility mode was enabled, but this is something that we should fix regardless. I've merged this into selinux/stable-5.16 and will send this up to Linus as soon as it clears the normal automated testing.
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e2a6d0f5c47af..fd7a0e9e26647 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5742,7 +5742,7 @@ static unsigned int selinux_ip_postroute_compat(struct sk_buff *skb, struct sk_security_struct *sksec; struct common_audit_data ad; struct lsm_network_audit net = {0,}; - u8 proto; + u8 proto = 0; sk = skb_to_full_sk(skb); if (sk == NULL)