Re: [PATCH] selinux: initialize proto variable in selinux_ip_postroute_compat()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Dec 24, 2021 at 10:07 AM <trix@xxxxxxxxxx> wrote:
>
> From: Tom Rix <trix@xxxxxxxxxx>
>
> Clang static analysis reports this warning
>
> hooks.c:5765:6: warning: 4th function call argument is an uninitialized value
>         if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
>             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> selinux_parse_skb() can return ok without setting proto.  The later call
> to selinux_xfrm_postroute_last() does an early check of proto and can
> return ok is the garbage proto value matches.  So initialize proto.
>
> Fixes: eef9b41622f2 ("selinux: cleanup selinux_xfrm_sock_rcv_skb() and selinux_xfrm_postroute_last()")
> Signed-off-by: Tom Rix <trix@xxxxxxxxxx>
> ---
>  security/selinux/hooks.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Thanks Tom.  I don't think this is something that could be easily
triggered on a normal system, even if the compatibility mode was
enabled, but this is something that we should fix regardless.  I've
merged this into selinux/stable-5.16 and will send this up to Linus as
soon as it clears the normal automated testing.

-- 
paul moore
www.paul-moore.com



[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux