tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

SELinux: Fix a potentially uninitialised variable in SELinux hooks

Fix a potentially uninitialised variable in SELinux hooks that's given a
pointer to the network address by selinux_parse_skb() passing a pointer back
through its argument list. By restructuring selinux_parse_skb(), the compiler
can see that the error case need not set it as the caller will return
immediately.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

authored by

David Howells and committed by
James Morris cf9481e2 0c0e186f

+24 -18
+24 -18
security/selinux/hooks.c
··· 3539 3539 #endif /* IPV6 */ 3540 3540 3541 3541 static int selinux_parse_skb(struct sk_buff *skb, struct avc_audit_data *ad, 3542 - char **addrp, int src, u8 *proto) 3542 + char **_addrp, int src, u8 *proto) 3543 3543 { 3544 - int ret = 0; 3544 + char *addrp; 3545 + int ret; 3545 3546 3546 3547 switch (ad->u.net.family) { 3547 3548 case PF_INET: 3548 3549 ret = selinux_parse_skb_ipv4(skb, ad, proto); 3549 - if (ret || !addrp) 3550 - break; 3551 - *addrp = (char *)(src ? &ad->u.net.v4info.saddr : 3552 - &ad->u.net.v4info.daddr); 3553 - break; 3550 + if (ret) 3551 + goto parse_error; 3552 + addrp = (char *)(src ? &ad->u.net.v4info.saddr : 3553 + &ad->u.net.v4info.daddr); 3554 + goto okay; 3554 3555 3555 3556 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) 3556 3557 case PF_INET6: 3557 3558 ret = selinux_parse_skb_ipv6(skb, ad, proto); 3558 - if (ret || !addrp) 3559 - break; 3560 - *addrp = (char *)(src ? &ad->u.net.v6info.saddr : 3561 - &ad->u.net.v6info.daddr); 3562 - break; 3559 + if (ret) 3560 + goto parse_error; 3561 + addrp = (char *)(src ? &ad->u.net.v6info.saddr : 3562 + &ad->u.net.v6info.daddr); 3563 + goto okay; 3563 3564 #endif /* IPV6 */ 3564 3565 default: 3565 - break; 3566 + addrp = NULL; 3567 + goto okay; 3566 3568 } 3567 3569 3568 - if (unlikely(ret)) 3569 - printk(KERN_WARNING 3570 - "SELinux: failure in selinux_parse_skb()," 3571 - " unable to parse packet\n"); 3572 - 3570 + parse_error: 3571 + printk(KERN_WARNING 3572 + "SELinux: failure in selinux_parse_skb()," 3573 + " unable to parse packet\n"); 3573 3574 return ret; 3575 + 3576 + okay: 3577 + if (_addrp) 3578 + *_addrp = addrp; 3579 + return 0; 3574 3580 } 3575 3581 3576 3582 /**