Re: [PATCH 08/15] checkpolicy: bail out on invalid role

James Carter <jwcart2@xxxxxxxxx> · Tue, 13 Feb 2024 15:36:59 -0500



On Mon, Jan 22, 2024 at 8:55 AM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> Return early on invalid roles in user definition.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>

Acked-by: James Carter <jwcart2@xxxxxxxxx>

> ---
>  checkpolicy/policy_define.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
> index 97582630..44236797 100644
> --- a/checkpolicy/policy_define.c
> +++ b/checkpolicy/policy_define.c
> @@ -4244,7 +4244,7 @@ int define_user(void)
>
>         while ((id = queue_remove(id_queue))) {
>                 if (set_user_roles(&usrdatum->roles, id))
> -                       continue;
> +                       return -1;
>         }
>
>         if (mlspol) {
> --
> 2.43.0
>
>