From: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx> Date: Sat, 14 Jan 2017 19:55:00 +0100 One local variable was set to an error code in four cases before a concrete error situation was detected. Thus move the corresponding assignments into if branches to indicate a software failure there. Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx> --- security/selinux/ss/policydb.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index a696876fc327..4cd96ce51322 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -1854,10 +1854,11 @@ static int range_read(struct policydb *p, void *fp) nel = le32_to_cpu(buf[0]); for (i = 0; i < nel; i++) { - rc = -ENOMEM; rt = kzalloc(sizeof(*rt), GFP_KERNEL); - if (!rt) + if (!rt) { + rc = -ENOMEM; goto out; + } rc = next_entry(buf, fp, (sizeof(u32) * 2)); if (rc) @@ -1873,24 +1874,26 @@ static int range_read(struct policydb *p, void *fp) } else rt->target_class = p->process_class; - rc = -EINVAL; if (!policydb_type_isvalid(p, rt->source_type) || !policydb_type_isvalid(p, rt->target_type) || - !policydb_class_isvalid(p, rt->target_class)) + !policydb_class_isvalid(p, rt->target_class)) { + rc = -EINVAL; goto out; + } - rc = -ENOMEM; r = kzalloc(sizeof(*r), GFP_KERNEL); - if (!r) + if (!r) { + rc = -ENOMEM; goto out; + } rc = mls_read_range_helper(r, fp); if (rc) goto out; - rc = -EINVAL; if (!mls_range_isvalid(p, r)) { printk(KERN_WARNING "SELinux: rangetrans: invalid range\n"); + rc = -EINVAL; goto out; } -- 2.11.0 _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.