On Fri, Dec 24, 2021 at 10:07 AM <trix@xxxxxxxxxx> wrote: > > From: Tom Rix <trix@xxxxxxxxxx> > > Clang static analysis reports this warning > > hooks.c:5765:6: warning: 4th function call argument is an uninitialized value > if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) > ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > selinux_parse_skb() can return ok without setting proto. The later call > to selinux_xfrm_postroute_last() does an early check of proto and can > return ok is the garbage proto value matches. So initialize proto. > > Fixes: eef9b41622f2 ("selinux: cleanup selinux_xfrm_sock_rcv_skb() and selinux_xfrm_postroute_last()") > Signed-off-by: Tom Rix <trix@xxxxxxxxxx> > --- > security/selinux/hooks.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Thanks Tom. I don't think this is something that could be easily triggered on a normal system, even if the compatibility mode was enabled, but this is something that we should fix regardless. I've merged this into selinux/stable-5.16 and will send this up to Linus as soon as it clears the normal automated testing. -- paul moore www.paul-moore.com