[PATCH] selinux: Fix an uninitialized variable bug

James Morris jmorris at namei.org
Mon Apr 3 01:10:42 UTC 2017

On Fri, 31 Mar 2017, Paul Moore wrote:

> On Fri, Mar 31, 2017 at 11:52 AM, Stephen Smalley <sds at tycho.nsa.gov> wrote:
> > On Fri, 2017-03-31 at 18:21 +0300, Dan Carpenter wrote:
> >> We removed this initialization as a cleanup but it is probably
> >> required.
> >>
> >> The concern is that "nel" can be zero.  I'm not an expert on SELinux
> >> code but I think it looks possible to write an SELinux policy which
> >> triggers this bug.  GCC doesn't catch this, but my static checker
> >> does.
> >>
> >> Fixes: 9c312e79d6af ("selinux: Delete an unnecessary variable
> >> initialisation in range_read()")
> >> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
> >
> > Nice catch, thanks!
> >
> > Acked-by: Stephen Smalley <sds at tycho.nsa.gov>
> Yes, indeed.  Thanks Dan, I should have caught this when merging Markus' patch.

I'd like to reiterate that I generally don't want to accept cleanup 
patches into the security tree from Markus (or indeed from others who 
only do cleanup/whitespace work).

See https://lkml.org/lkml/2017/1/29/172, and please click through and read 
Dan's comments.

All patches carry risks of introducing new bugs, and kernel "cleanup: 
patches generally offer a pretty high cost/benefit ratio.  If such patches 
come from core developers of that code, or from kernel developers with 
experience in *analyzing and fixing* bugs, that's very different.

Paul, please review all of these patches very carefully before sending 
your pull request.

James Morris
<jmorris at namei.org>

To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

More information about the Linux-security-module-archive mailing list