[PATCH] samples/landlock: Fix possible NULL dereference in parse_path()
Mickaël Salaün
mic at digikod.net
Wed Nov 27 16:23:06 UTC 2024
On Tue, Nov 26, 2024 at 12:41:57PM -0600, Gax-c wrote:
> From: Zichen Xie <zichenxie0106 at gmail.com>
>
> malloc() may return NULL, leading to NULL dereference.
> Add a NULL check.
>
> Signed-off-by: Zichen Xie <zichenxie0106 at gmail.com>
> ---
> samples/landlock/sandboxer.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/samples/landlock/sandboxer.c b/samples/landlock/sandboxer.c
> index 57565dfd74a2..385fc115647f 100644
> --- a/samples/landlock/sandboxer.c
> +++ b/samples/landlock/sandboxer.c
> @@ -91,6 +91,9 @@ static int parse_path(char *env_path, const char ***const path_list)
> }
> }
> *path_list = malloc(num_paths * sizeof(**path_list));
> + if (*path_list == NULL)
> + return 1;
This creates another NULL deference in the caller.
We should print to stderr to explain the issue, return -1, and update
the caller to check for this error.
> +
> for (i = 0; i < num_paths; i++)
> (*path_list)[i] = strsep(&env_path, ENV_DELIMITER);
>
> --
> 2.34.1
>
>
More information about the Linux-security-module-archive
mailing list