[PATCH v2] samples/landlock: Fix possible NULL dereference in parse_path()
Gax-c
zichenxie0106 at gmail.com
Thu Nov 28 03:29:56 UTC 2024
From: Zichen Xie <zichenxie0106 at gmail.com>
malloc() may return NULL, leading to NULL dereference.
Add a NULL check.
Fixes: ba84b0bf5a16 ("samples/landlock: Add a sandbox manager example")
Signed-off-by: Zichen Xie <zichenxie0106 at gmail.com>
Cc: stable at vger.kernel.org
---
v2: Modify logic & Add Fixes tag.
---
samples/landlock/sandboxer.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/samples/landlock/sandboxer.c b/samples/landlock/sandboxer.c
index 57565dfd74a2..ef2a34173d84 100644
--- a/samples/landlock/sandboxer.c
+++ b/samples/landlock/sandboxer.c
@@ -91,6 +91,9 @@ static int parse_path(char *env_path, const char ***const path_list)
}
}
*path_list = malloc(num_paths * sizeof(**path_list));
+ if (*path_list == NULL)
+ return -1;
+
for (i = 0; i < num_paths; i++)
(*path_list)[i] = strsep(&env_path, ENV_DELIMITER);
@@ -127,6 +130,11 @@ static int populate_ruleset_fs(const char *const env_var, const int ruleset_fd,
env_path_name = strdup(env_path_name);
unsetenv(env_var);
num_paths = parse_path(env_path_name, &path_list);
+ if (num_paths == -1) {
+ fprintf(stderr, "Failed to allocate memory\n");
+ ret = 1;
+ goto out_free_name;
+ }
if (num_paths == 1 && path_list[0][0] == '\0') {
/*
* Allows to not use all possible restrictions (e.g. use
--
2.34.1
More information about the Linux-security-module-archive
mailing list