From: Paul Moore <pmoore@redhat.com>
To: Dave Jones <davej@redhat.com>
Cc: Linux Kernel <linux-kernel@vger.kernel.org>, jmorris@namei.org
Subject: Re: selinux: fix uninitalised stack variable read in sel_netport_init
Date: Fri, 08 Aug 2014 09:02:08 -0400
Message-ID: <4618967.Wk4B7HAljU@sifl>
In-Reply-To: <20140807163818.GA27618@redhat.com>
On Thursday, August 07, 2014 12:38:18 PM Dave Jones wrote:
> After the removal of the avc_add_callback() in commit 615e51fdda6
> ("selinux: reduce the number of calls to synchronize_net() when flushing
> caches"), ret is never set to anything, but we return uninitialized stack
> data on success.
>
> Given the absence of other failure paths, just explicitly return 0.
>
> Signed-off-by: Dave Jones <davej@redhat.com>
Thanks for the patch, but another more comprehensive patch (there are similar
problems in netnode.c and netif.c) was posted earlier this week and reposted
last night ... although evidently I need to send the patch(es) directly to
Linus, so you'll likely see another repost in a few moments.
> diff --git a/security/selinux/netport.c b/security/selinux/netport.c
> index 73ac6784d091..3311cc393cb4 100644
> --- a/security/selinux/netport.c
> +++ b/security/selinux/netport.c
> @@ -237,7 +237,6 @@ void sel_netport_flush(void)
> static __init int sel_netport_init(void)
> {
> int iter;
> - int ret;
>
> if (!selinux_enabled)
> return 0;
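Review bot: a Fixes: line for the commit the changelog names (615e51fdda6) is missing; the `int ret;` declaration dropped at the top of sel_netport_init is a leftover from that change, and tagging it ties this fix to the commit that introduced the problem. Removing the declaration rather than writing `int ret = 0;` is the better choice, since per the changelog nothing in the function assigns it any more and an unused local would only invite the same mistake later.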
> @@ -247,7 +246,7 @@ static __init int sel_netport_init(void)
> sel_netport_hash[iter].size = 0;
> }
>
> - return ret;
> + return 0;
> }
>
> __initcall(sel_netport_init);
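Review bot: the `return 0;` at the end of sel_netport_init fixes only security/selinux/netport.c, while the reply above says netnode.c and netif.c have similar problems; the init functions in those files should be checked for the same never-assigned `ret` and fixed in the same patch or series so the three caches do not diverge. It would also help for the changelog to say that only the fall-through path was affected, since the early `if (!selinux_enabled) return 0;` exit already returned a defined value.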
--
paul moore
security and virtualization @ redhat