All of lore.kernel.org
 help / color / mirror / Atom feed
From: Dan Carpenter <dan.carpenter@oracle.com>
To: viro@zeniv.linux.org.uk
Cc: selinux@vger.kernel.org
Subject: [bug report] selinux: kill selinux_sb_get_mnt_opts()
Date: Tue, 5 Feb 2019 13:20:06 +0300	[thread overview]
Message-ID: <20190205102006.GA6230@kadam> (raw)

Hello Al Viro,

The patch e3489f8974e1: "selinux: kill selinux_sb_get_mnt_opts()"
from Dec 13, 2018, leads to the following static checker warning:

	security/selinux/hooks.c:1075 show_sid()
	error: we previously assumed 'context' could be null (see line 1070)

security/selinux/hooks.c
    1061 static int show_sid(struct seq_file *m, u32 sid)
    1062 {
    1063 	char *context = NULL;
    1064 	u32 len;
    1065 	int rc;
    1066 
    1067 	rc = security_sid_to_context(&selinux_state, sid,
    1068 					     &context, &len);
    1069 	if (!rc) {
    1070 		bool has_comma = context && strchr(context, ',');
                                         ^^^^^^^
Can context be NULL?

    1071 
    1072 		seq_putc(m, '=');
    1073 		if (has_comma)
    1074 			seq_putc(m, '\"');
--> 1075 		seq_escape(m, context, "\"\n\\");
                                      ^^^^^^^
Because if it is, then we're toasted when we pass it to seq_escape().

    1076 		if (has_comma)
    1077 			seq_putc(m, '\"');
    1078 	}
    1079 	kfree(context);
    1080 	return rc;
    1081 }

regards,
dan carpenter

             reply	other threads:[~2019-02-05 10:21 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-05 10:20 Dan Carpenter [this message]
2019-02-05 13:37 ` [bug report] selinux: kill selinux_sb_get_mnt_opts() Stephen Smalley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190205102006.GA6230@kadam \
    --to=dan.carpenter@oracle.com \
    --cc=selinux@vger.kernel.org \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.