[PATCH] apparmor: fix error check

John Johansen john.johansen at canonical.com
Sun Feb 7 11:27:51 UTC 2021


On 10/4/20 7:24 AM, trix at redhat.com wrote:
> From: Tom Rix <trix at redhat.com>
> 
> clang static analysis reports this representative problem:
> 
> label.c:1463:16: warning: Assigned value is garbage or undefined
>         label->hname = name;
>                      ^ ~~~~
> 
> In aa_update_label_name(), this the problem block of code
> 
> 	if (aa_label_acntsxprint(&name, ...) == -1)
> 		return res;
> 
> On failure, aa_label_acntsxprint() has a more complicated return
> that just -1.  So check for a negative return.
> 
> It was also noted that the aa_label_acntsxprint() main comment refers
> to a nonexistent parameter, so clean up the comment.
> 
> Fixes: f1bd904175e8 ("apparmor: add the base fns() for domain labels")
> Signed-off-by: Tom Rix <trix at redhat.com>
> ---
>  security/apparmor/label.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/security/apparmor/label.c b/security/apparmor/label.c
> index e68bcedca976..6222fdfebe4e 100644
> --- a/security/apparmor/label.c
> +++ b/security/apparmor/label.c
> @@ -1454,7 +1454,7 @@ bool aa_update_label_name(struct aa_ns *ns, struct aa_label *label, gfp_t gfp)
>  	if (label->hname || labels_ns(label) != ns)
>  		return res;
>  
> -	if (aa_label_acntsxprint(&name, ns, label, FLAGS_NONE, gfp) == -1)
> +	if (aa_label_acntsxprint(&name, ns, label, FLAGS_NONE, gfp) < 0)
>  		return res;
>  
>  	ls = labels_set(label);
> @@ -1704,7 +1704,7 @@ int aa_label_asxprint(char **strp, struct aa_ns *ns, struct aa_label *label,
>  
>  /**
>   * aa_label_acntsxprint - allocate a __counted string buffer and print label
> - * @strp: buffer to write to. (MAY BE NULL if @size == 0)
> + * @strp: buffer to write to.
>   * @ns: namespace profile is being viewed from
>   * @label: label to view (NOT NULL)
>   * @flags: flags controlling what label info is printed
> 


sorry it seems I missed replying to this. This patch has been pulled into apparmor-next



More information about the Linux-security-module-archive mailing list