On Tue, Jul 30, 2024 at 8:45 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > On Fri, Jul 19, 2024 at 12:17 PM Vit Mojzis <vmojzis@xxxxxxxxxx> wrote: > > > > Avoid context_destroy() on "newcontext" before context_init() is called. > > > > Fixes: > > libsepol-3.6/src/services.c:1335: var_decl: Declaring variable "newcontext" without initializer. > > libsepol-3.6/src/services.c:1462: uninit_use_in_call: Using uninitialized value "newcontext.range.level[0].cat.node" when calling "context_destroy". > > \# 1460| rc = sepol_sidtab_context_to_sid(sidtab, &newcontext, out_sid); > > \# 1461| out: > > \# 1462|-> context_destroy(&newcontext); > > \# 1463| return rc; > > \# 1464| } > > > > Signed-off-by: Vit Mojzis <vmojzis@xxxxxxxxxx> > > Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> > > BTW, this function has long since diverged from the corresponding > kernel function security_compute_sid; originally they were identical > and even built from the same sources but we forked them long ago to > specialize the kernel code. Don't believe anything is using it except > for checkpolicy (via the -d option for the > transition/member/change_sid commands) but no one should be relying on > it matching the kernel's behavior. Applied.
