On Mon, May 4, 2020 at 10:45 AM Richard Filo <rfilo@xxxxxxxxxx> wrote: > Errno is not set to ENOENT when lookup_all() doesn't find any match. > > fixes: https://src.fedoraproject.org/tests/selinux/issue/51 > > Signed-off-by: Richard Filo <rfilo@xxxxxxxxxx> > --- > libselinux/src/label_file.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c > index 300625c2..113bb9b7 100644 > --- a/libselinux/src/label_file.c > +++ b/libselinux/src/label_file.c > @@ -948,6 +948,8 @@ static const struct spec **lookup_all(struct selabel_handle *rec, > goto finish; > } > } > + if (result && !result[0]) > + errno = ENOENT; Sorry for not spotting this earlier, but there is no need to check if result != NULL, because it will always be non-NULL at this point. So you should only do the second part of the check (!result[0]). The check under the "finish" label needs to check both, because you can get there also via the allocation-failed path, where "result" would be NULL. > > finish: > free(clean_key); > -- > 2.25.2 > -- Ondrej Mosnacek <omosnace at redhat dot com> Software Engineer, Security Technologies Red Hat, Inc.
