On Fri, Jul 19, 2024 at 12:17 PM Vit Mojzis <vmojzis@xxxxxxxxxx> wrote: > > Avoid context_destroy() on "newcontext" before context_init() is called. > > Fixes: > libsepol-3.6/src/services.c:1335: var_decl: Declaring variable "newcontext" without initializer. > libsepol-3.6/src/services.c:1462: uninit_use_in_call: Using uninitialized value "newcontext.range.level[0].cat.node" when calling "context_destroy". > \# 1460| rc = sepol_sidtab_context_to_sid(sidtab, &newcontext, out_sid); > \# 1461| out: > \# 1462|-> context_destroy(&newcontext); > \# 1463| return rc; > \# 1464| } > > Signed-off-by: Vit Mojzis <vmojzis@xxxxxxxxxx> Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> BTW, this function has long since diverged from the corresponding kernel function security_compute_sid; originally they were identical and even built from the same sources but we forked them long ago to specialize the kernel code. Don't believe anything is using it except for checkpolicy (via the -d option for the transition/member/change_sid commands) but no one should be relying on it matching the kernel's behavior.
