* [PATCH] libselinux: selinux_getenforcemode: remove out2 label
@ 2025-07-27 15:44 Rahul Sandhu
2025-07-27 15:55 ` [PATCH v2] libselinux: remove out2 labels Rahul Sandhu
0 siblings, 1 reply; 4+ messages in thread
From: Rahul Sandhu @ 2025-07-27 15:44 UTC (permalink / raw)
To: selinux; +Cc: Rahul Sandhu
The out2 label previously only existed such that free(buf) isn't called
if malloc(3) fails to allocate buf. However, posix says[1] that calling
free(3) with a nullptr is valid:
> If ptr is a null pointer, no action shall occur.
Hence, remove the extra label to simplify the logic.
[1] https://pubs.opengroup.org/onlinepubs/009604499/functions/free.html
Signed-off-by: Rahul Sandhu <nvraxn@gmail.com>
---
libselinux/src/compute_create.c | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c
index ff8553bc..b0c6ea34 100644
--- a/libselinux/src/compute_create.c
+++ b/libselinux/src/compute_create.c
@@ -81,34 +81,33 @@ int security_compute_create_name_raw(const char * scon,
if (len < 0 || (size_t)len >= size) {
errno = EOVERFLOW;
ret = -1;
- goto out2;
+ goto out;
}
if (objname &&
object_name_encode(objname, buf + len, size - len) < 0) {
errno = ENAMETOOLONG;
ret = -1;
- goto out2;
+ goto out;
}
ret = write(fd, buf, strlen(buf));
if (ret < 0)
- goto out2;
+ goto out;
memset(buf, 0, size);
ret = read(fd, buf, size - 1);
if (ret < 0)
- goto out2;
+ goto out;
*newcon = strdup(buf);
if (!(*newcon)) {
ret = -1;
- goto out2;
+ goto out;
}
ret = 0;
- out2:
- free(buf);
out:
+ free(buf);
close(fd);
return ret;
}
--
2.50.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2] libselinux: remove out2 labels
2025-07-27 15:44 [PATCH] libselinux: selinux_getenforcemode: remove out2 label Rahul Sandhu
@ 2025-07-27 15:55 ` Rahul Sandhu
2025-07-29 14:51 ` Stephen Smalley
0 siblings, 1 reply; 4+ messages in thread
From: Rahul Sandhu @ 2025-07-27 15:55 UTC (permalink / raw)
To: nvraxn; +Cc: selinux
The out2 label previously only existed such that free(buf) isn't called
if malloc(3) fails to allocate buf. However, posix says[1] that calling
free(3) with a nullptr is valid:
> If ptr is a null pointer, no action shall occur.
Hence, remove the extra labels to simplify the logic.
[1] https://pubs.opengroup.org/onlinepubs/009604499/functions/free.html
Signed-off-by: Rahul Sandhu <nvraxn@gmail.com>
---
libselinux/src/canonicalize_context.c | 9 ++++-----
libselinux/src/compute_av.c | 11 +++++------
libselinux/src/compute_create.c | 13 ++++++-------
libselinux/src/compute_member.c | 11 +++++------
libselinux/src/compute_relabel.c | 11 +++++------
libselinux/src/compute_user.c | 15 +++++++--------
libselinux/src/get_initial_context.c | 7 +++----
libselinux/src/procattr.c | 9 ++++-----
8 files changed, 39 insertions(+), 47 deletions(-)
diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c
index 6af8491d..d9f0beb4 100644
--- a/libselinux/src/canonicalize_context.c
+++ b/libselinux/src/canonicalize_context.c
@@ -36,12 +36,12 @@ int security_canonicalize_context_raw(const char * con,
if (strlcpy(buf, con, size) >= size) {
errno = EOVERFLOW;
ret = -1;
- goto out2;
+ goto out;
}
ret = write(fd, buf, strlen(buf) + 1);
if (ret < 0)
- goto out2;
+ goto out;
memset(buf, 0, size);
ret = read(fd, buf, size - 1);
@@ -54,12 +54,11 @@ int security_canonicalize_context_raw(const char * con,
*canoncon = strdup(buf);
if (!(*canoncon)) {
ret = -1;
- goto out2;
+ goto out;
}
ret = 0;
- out2:
- free(buf);
out:
+ free(buf);
close(fd);
return ret;
}
diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c
index 354a19e1..bd31279f 100644
--- a/libselinux/src/compute_av.c
+++ b/libselinux/src/compute_av.c
@@ -46,17 +46,17 @@ int security_compute_av_flags_raw(const char * scon,
if (ret < 0 || (size_t)ret >= len) {
errno = EOVERFLOW;
ret = -1;
- goto out2;
+ goto out;
}
ret = write(fd, buf, strlen(buf));
if (ret < 0)
- goto out2;
+ goto out;
memset(buf, 0, len);
ret = read(fd, buf, len - 1);
if (ret < 0)
- goto out2;
+ goto out;
ret = sscanf(buf, "%x %x %x %x %u %x",
&avd->allowed, &avd->decided,
@@ -64,7 +64,7 @@ int security_compute_av_flags_raw(const char * scon,
&avd->seqno, &avd->flags);
if (ret < 5) {
ret = -1;
- goto out2;
+ goto out;
} else if (ret < 6)
avd->flags = 0;
@@ -79,9 +79,8 @@ int security_compute_av_flags_raw(const char * scon,
map_decision(tclass, avd);
ret = 0;
- out2:
- free(buf);
out:
+ free(buf);
close(fd);
return ret;
}
diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c
index ff8553bc..b0c6ea34 100644
--- a/libselinux/src/compute_create.c
+++ b/libselinux/src/compute_create.c
@@ -81,34 +81,33 @@ int security_compute_create_name_raw(const char * scon,
if (len < 0 || (size_t)len >= size) {
errno = EOVERFLOW;
ret = -1;
- goto out2;
+ goto out;
}
if (objname &&
object_name_encode(objname, buf + len, size - len) < 0) {
errno = ENAMETOOLONG;
ret = -1;
- goto out2;
+ goto out;
}
ret = write(fd, buf, strlen(buf));
if (ret < 0)
- goto out2;
+ goto out;
memset(buf, 0, size);
ret = read(fd, buf, size - 1);
if (ret < 0)
- goto out2;
+ goto out;
*newcon = strdup(buf);
if (!(*newcon)) {
ret = -1;
- goto out2;
+ goto out;
}
ret = 0;
- out2:
- free(buf);
out:
+ free(buf);
close(fd);
return ret;
}
diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_member.c
index 53d2f559..ebe33264 100644
--- a/libselinux/src/compute_member.c
+++ b/libselinux/src/compute_member.c
@@ -41,27 +41,26 @@ int security_compute_member_raw(const char * scon,
if (ret < 0 || (size_t)ret >= size) {
errno = EOVERFLOW;
ret = -1;
- goto out2;
+ goto out;
}
ret = write(fd, buf, strlen(buf));
if (ret < 0)
- goto out2;
+ goto out;
memset(buf, 0, size);
ret = read(fd, buf, size - 1);
if (ret < 0)
- goto out2;
+ goto out;
*newcon = strdup(buf);
if (!(*newcon)) {
ret = -1;
- goto out2;
+ goto out;
}
ret = 0;
- out2:
- free(buf);
out:
+ free(buf);
close(fd);
return ret;
}
diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_relabel.c
index 9c0a2304..b2c1520e 100644
--- a/libselinux/src/compute_relabel.c
+++ b/libselinux/src/compute_relabel.c
@@ -41,27 +41,26 @@ int security_compute_relabel_raw(const char * scon,
if (ret < 0 || (size_t)ret >= size) {
errno = EOVERFLOW;
ret = -1;
- goto out2;
+ goto out;
}
ret = write(fd, buf, strlen(buf));
if (ret < 0)
- goto out2;
+ goto out;
memset(buf, 0, size);
ret = read(fd, buf, size - 1);
if (ret < 0)
- goto out2;
+ goto out;
*newcon = strdup(buf);
if (!*newcon) {
ret = -1;
- goto out2;
+ goto out;
}
ret = 0;
- out2:
- free(buf);
out:
+ free(buf);
close(fd);
return ret;
}
diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c
index d4387aed..584219c7 100644
--- a/libselinux/src/compute_user.c
+++ b/libselinux/src/compute_user.c
@@ -43,27 +43,27 @@ int security_compute_user_raw(const char * scon,
if (ret < 0 || (size_t)ret >= size) {
errno = EOVERFLOW;
ret = -1;
- goto out2;
+ goto out;
}
ret = write(fd, buf, strlen(buf));
if (ret < 0)
- goto out2;
+ goto out;
memset(buf, 0, size);
ret = read(fd, buf, size - 1);
if (ret < 0)
- goto out2;
+ goto out;
if (sscanf(buf, "%u", &nel) != 1) {
ret = -1;
- goto out2;
+ goto out;
}
ary = malloc((nel + 1) * sizeof(char *));
if (!ary) {
ret = -1;
- goto out2;
+ goto out;
}
ptr = buf + strlen(buf) + 1;
@@ -72,16 +72,15 @@ int security_compute_user_raw(const char * scon,
if (!ary[i]) {
freeconary(ary);
ret = -1;
- goto out2;
+ goto out;
}
ptr += strlen(ptr) + 1;
}
ary[nel] = NULL;
*con = ary;
ret = 0;
- out2:
- free(buf);
out:
+ free(buf);
close(fd);
return ret;
}
diff --git a/libselinux/src/get_initial_context.c b/libselinux/src/get_initial_context.c
index fb774c82..badcda9f 100644
--- a/libselinux/src/get_initial_context.c
+++ b/libselinux/src/get_initial_context.c
@@ -46,17 +46,16 @@ int security_get_initial_context_raw(const char * name, char ** con)
}
ret = read(fd, buf, size - 1);
if (ret < 0)
- goto out2;
+ goto out;
*con = strdup(buf);
if (!(*con)) {
ret = -1;
- goto out2;
+ goto out;
}
ret = 0;
- out2:
- free(buf);
out:
+ free(buf);
close(fd);
return ret;
}
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
index aa16c934..f8e8f191 100644
--- a/libselinux/src/procattr.c
+++ b/libselinux/src/procattr.c
@@ -153,22 +153,21 @@ static int getprocattrcon_raw(char **context, pid_t pid, const char *attr,
ret = read(fd, buf, size - 1);
} while (ret < 0 && errno == EINTR);
if (ret < 0)
- goto out2;
+ goto out;
if (ret == 0) {
*context = NULL;
- goto out2;
+ goto out;
}
*context = strdup(buf);
if (!(*context)) {
ret = -1;
- goto out2;
+ goto out;
}
ret = 0;
- out2:
- free(buf);
out:
+ free(buf);
errno_hold = errno;
close(fd);
errno = errno_hold;
--
2.50.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2] libselinux: remove out2 labels
2025-07-27 15:55 ` [PATCH v2] libselinux: remove out2 labels Rahul Sandhu
@ 2025-07-29 14:51 ` Stephen Smalley
2025-07-31 14:16 ` Stephen Smalley
0 siblings, 1 reply; 4+ messages in thread
From: Stephen Smalley @ 2025-07-29 14:51 UTC (permalink / raw)
To: Rahul Sandhu; +Cc: selinux
On Sun, Jul 27, 2025 at 11:55 AM Rahul Sandhu <nvraxn@gmail.com> wrote:
>
> The out2 label previously only existed such that free(buf) isn't called
> if malloc(3) fails to allocate buf. However, posix says[1] that calling
> free(3) with a nullptr is valid:
>
> > If ptr is a null pointer, no action shall occur.
>
> Hence, remove the extra labels to simplify the logic.
>
> [1] https://pubs.opengroup.org/onlinepubs/009604499/functions/free.html
>
> Signed-off-by: Rahul Sandhu <nvraxn@gmail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
> ---
> libselinux/src/canonicalize_context.c | 9 ++++-----
> libselinux/src/compute_av.c | 11 +++++------
> libselinux/src/compute_create.c | 13 ++++++-------
> libselinux/src/compute_member.c | 11 +++++------
> libselinux/src/compute_relabel.c | 11 +++++------
> libselinux/src/compute_user.c | 15 +++++++--------
> libselinux/src/get_initial_context.c | 7 +++----
> libselinux/src/procattr.c | 9 ++++-----
> 8 files changed, 39 insertions(+), 47 deletions(-)
>
> diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c
> index 6af8491d..d9f0beb4 100644
> --- a/libselinux/src/canonicalize_context.c
> +++ b/libselinux/src/canonicalize_context.c
> @@ -36,12 +36,12 @@ int security_canonicalize_context_raw(const char * con,
> if (strlcpy(buf, con, size) >= size) {
> errno = EOVERFLOW;
> ret = -1;
> - goto out2;
> + goto out;
> }
>
> ret = write(fd, buf, strlen(buf) + 1);
> if (ret < 0)
> - goto out2;
> + goto out;
>
> memset(buf, 0, size);
> ret = read(fd, buf, size - 1);
> @@ -54,12 +54,11 @@ int security_canonicalize_context_raw(const char * con,
> *canoncon = strdup(buf);
> if (!(*canoncon)) {
> ret = -1;
> - goto out2;
> + goto out;
> }
> ret = 0;
> - out2:
> - free(buf);
> out:
> + free(buf);
> close(fd);
> return ret;
> }
> diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c
> index 354a19e1..bd31279f 100644
> --- a/libselinux/src/compute_av.c
> +++ b/libselinux/src/compute_av.c
> @@ -46,17 +46,17 @@ int security_compute_av_flags_raw(const char * scon,
> if (ret < 0 || (size_t)ret >= len) {
> errno = EOVERFLOW;
> ret = -1;
> - goto out2;
> + goto out;
> }
>
> ret = write(fd, buf, strlen(buf));
> if (ret < 0)
> - goto out2;
> + goto out;
>
> memset(buf, 0, len);
> ret = read(fd, buf, len - 1);
> if (ret < 0)
> - goto out2;
> + goto out;
>
> ret = sscanf(buf, "%x %x %x %x %u %x",
> &avd->allowed, &avd->decided,
> @@ -64,7 +64,7 @@ int security_compute_av_flags_raw(const char * scon,
> &avd->seqno, &avd->flags);
> if (ret < 5) {
> ret = -1;
> - goto out2;
> + goto out;
> } else if (ret < 6)
> avd->flags = 0;
>
> @@ -79,9 +79,8 @@ int security_compute_av_flags_raw(const char * scon,
> map_decision(tclass, avd);
>
> ret = 0;
> - out2:
> - free(buf);
> out:
> + free(buf);
> close(fd);
> return ret;
> }
> diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c
> index ff8553bc..b0c6ea34 100644
> --- a/libselinux/src/compute_create.c
> +++ b/libselinux/src/compute_create.c
> @@ -81,34 +81,33 @@ int security_compute_create_name_raw(const char * scon,
> if (len < 0 || (size_t)len >= size) {
> errno = EOVERFLOW;
> ret = -1;
> - goto out2;
> + goto out;
> }
>
> if (objname &&
> object_name_encode(objname, buf + len, size - len) < 0) {
> errno = ENAMETOOLONG;
> ret = -1;
> - goto out2;
> + goto out;
> }
>
> ret = write(fd, buf, strlen(buf));
> if (ret < 0)
> - goto out2;
> + goto out;
>
> memset(buf, 0, size);
> ret = read(fd, buf, size - 1);
> if (ret < 0)
> - goto out2;
> + goto out;
>
> *newcon = strdup(buf);
> if (!(*newcon)) {
> ret = -1;
> - goto out2;
> + goto out;
> }
> ret = 0;
> - out2:
> - free(buf);
> out:
> + free(buf);
> close(fd);
> return ret;
> }
> diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_member.c
> index 53d2f559..ebe33264 100644
> --- a/libselinux/src/compute_member.c
> +++ b/libselinux/src/compute_member.c
> @@ -41,27 +41,26 @@ int security_compute_member_raw(const char * scon,
> if (ret < 0 || (size_t)ret >= size) {
> errno = EOVERFLOW;
> ret = -1;
> - goto out2;
> + goto out;
> }
>
> ret = write(fd, buf, strlen(buf));
> if (ret < 0)
> - goto out2;
> + goto out;
>
> memset(buf, 0, size);
> ret = read(fd, buf, size - 1);
> if (ret < 0)
> - goto out2;
> + goto out;
>
> *newcon = strdup(buf);
> if (!(*newcon)) {
> ret = -1;
> - goto out2;
> + goto out;
> }
> ret = 0;
> - out2:
> - free(buf);
> out:
> + free(buf);
> close(fd);
> return ret;
> }
> diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_relabel.c
> index 9c0a2304..b2c1520e 100644
> --- a/libselinux/src/compute_relabel.c
> +++ b/libselinux/src/compute_relabel.c
> @@ -41,27 +41,26 @@ int security_compute_relabel_raw(const char * scon,
> if (ret < 0 || (size_t)ret >= size) {
> errno = EOVERFLOW;
> ret = -1;
> - goto out2;
> + goto out;
> }
>
> ret = write(fd, buf, strlen(buf));
> if (ret < 0)
> - goto out2;
> + goto out;
>
> memset(buf, 0, size);
> ret = read(fd, buf, size - 1);
> if (ret < 0)
> - goto out2;
> + goto out;
>
> *newcon = strdup(buf);
> if (!*newcon) {
> ret = -1;
> - goto out2;
> + goto out;
> }
> ret = 0;
> - out2:
> - free(buf);
> out:
> + free(buf);
> close(fd);
> return ret;
> }
> diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c
> index d4387aed..584219c7 100644
> --- a/libselinux/src/compute_user.c
> +++ b/libselinux/src/compute_user.c
> @@ -43,27 +43,27 @@ int security_compute_user_raw(const char * scon,
> if (ret < 0 || (size_t)ret >= size) {
> errno = EOVERFLOW;
> ret = -1;
> - goto out2;
> + goto out;
> }
>
> ret = write(fd, buf, strlen(buf));
> if (ret < 0)
> - goto out2;
> + goto out;
>
> memset(buf, 0, size);
> ret = read(fd, buf, size - 1);
> if (ret < 0)
> - goto out2;
> + goto out;
>
> if (sscanf(buf, "%u", &nel) != 1) {
> ret = -1;
> - goto out2;
> + goto out;
> }
>
> ary = malloc((nel + 1) * sizeof(char *));
> if (!ary) {
> ret = -1;
> - goto out2;
> + goto out;
> }
>
> ptr = buf + strlen(buf) + 1;
> @@ -72,16 +72,15 @@ int security_compute_user_raw(const char * scon,
> if (!ary[i]) {
> freeconary(ary);
> ret = -1;
> - goto out2;
> + goto out;
> }
> ptr += strlen(ptr) + 1;
> }
> ary[nel] = NULL;
> *con = ary;
> ret = 0;
> - out2:
> - free(buf);
> out:
> + free(buf);
> close(fd);
> return ret;
> }
> diff --git a/libselinux/src/get_initial_context.c b/libselinux/src/get_initial_context.c
> index fb774c82..badcda9f 100644
> --- a/libselinux/src/get_initial_context.c
> +++ b/libselinux/src/get_initial_context.c
> @@ -46,17 +46,16 @@ int security_get_initial_context_raw(const char * name, char ** con)
> }
> ret = read(fd, buf, size - 1);
> if (ret < 0)
> - goto out2;
> + goto out;
>
> *con = strdup(buf);
> if (!(*con)) {
> ret = -1;
> - goto out2;
> + goto out;
> }
> ret = 0;
> - out2:
> - free(buf);
> out:
> + free(buf);
> close(fd);
> return ret;
> }
> diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
> index aa16c934..f8e8f191 100644
> --- a/libselinux/src/procattr.c
> +++ b/libselinux/src/procattr.c
> @@ -153,22 +153,21 @@ static int getprocattrcon_raw(char **context, pid_t pid, const char *attr,
> ret = read(fd, buf, size - 1);
> } while (ret < 0 && errno == EINTR);
> if (ret < 0)
> - goto out2;
> + goto out;
>
> if (ret == 0) {
> *context = NULL;
> - goto out2;
> + goto out;
> }
>
> *context = strdup(buf);
> if (!(*context)) {
> ret = -1;
> - goto out2;
> + goto out;
> }
> ret = 0;
> - out2:
> - free(buf);
> out:
> + free(buf);
> errno_hold = errno;
> close(fd);
> errno = errno_hold;
> --
> 2.50.1
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH v2] libselinux: remove out2 labels
2025-07-29 14:51 ` Stephen Smalley
@ 2025-07-31 14:16 ` Stephen Smalley
0 siblings, 0 replies; 4+ messages in thread
From: Stephen Smalley @ 2025-07-31 14:16 UTC (permalink / raw)
To: Rahul Sandhu; +Cc: selinux
On Tue, Jul 29, 2025 at 10:51 AM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> On Sun, Jul 27, 2025 at 11:55 AM Rahul Sandhu <nvraxn@gmail.com> wrote:
> >
> > The out2 label previously only existed such that free(buf) isn't called
> > if malloc(3) fails to allocate buf. However, posix says[1] that calling
> > free(3) with a nullptr is valid:
> >
> > > If ptr is a null pointer, no action shall occur.
> >
> > Hence, remove the extra labels to simplify the logic.
> >
> > [1] https://pubs.opengroup.org/onlinepubs/009604499/functions/free.html
> >
> > Signed-off-by: Rahul Sandhu <nvraxn@gmail.com>
>
> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Thanks, applied.
>
> > ---
> > libselinux/src/canonicalize_context.c | 9 ++++-----
> > libselinux/src/compute_av.c | 11 +++++------
> > libselinux/src/compute_create.c | 13 ++++++-------
> > libselinux/src/compute_member.c | 11 +++++------
> > libselinux/src/compute_relabel.c | 11 +++++------
> > libselinux/src/compute_user.c | 15 +++++++--------
> > libselinux/src/get_initial_context.c | 7 +++----
> > libselinux/src/procattr.c | 9 ++++-----
> > 8 files changed, 39 insertions(+), 47 deletions(-)
> >
> > diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c
> > index 6af8491d..d9f0beb4 100644
> > --- a/libselinux/src/canonicalize_context.c
> > +++ b/libselinux/src/canonicalize_context.c
> > @@ -36,12 +36,12 @@ int security_canonicalize_context_raw(const char * con,
> > if (strlcpy(buf, con, size) >= size) {
> > errno = EOVERFLOW;
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> >
> > ret = write(fd, buf, strlen(buf) + 1);
> > if (ret < 0)
> > - goto out2;
> > + goto out;
> >
> > memset(buf, 0, size);
> > ret = read(fd, buf, size - 1);
> > @@ -54,12 +54,11 @@ int security_canonicalize_context_raw(const char * con,
> > *canoncon = strdup(buf);
> > if (!(*canoncon)) {
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> > ret = 0;
> > - out2:
> > - free(buf);
> > out:
> > + free(buf);
> > close(fd);
> > return ret;
> > }
> > diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c
> > index 354a19e1..bd31279f 100644
> > --- a/libselinux/src/compute_av.c
> > +++ b/libselinux/src/compute_av.c
> > @@ -46,17 +46,17 @@ int security_compute_av_flags_raw(const char * scon,
> > if (ret < 0 || (size_t)ret >= len) {
> > errno = EOVERFLOW;
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> >
> > ret = write(fd, buf, strlen(buf));
> > if (ret < 0)
> > - goto out2;
> > + goto out;
> >
> > memset(buf, 0, len);
> > ret = read(fd, buf, len - 1);
> > if (ret < 0)
> > - goto out2;
> > + goto out;
> >
> > ret = sscanf(buf, "%x %x %x %x %u %x",
> > &avd->allowed, &avd->decided,
> > @@ -64,7 +64,7 @@ int security_compute_av_flags_raw(const char * scon,
> > &avd->seqno, &avd->flags);
> > if (ret < 5) {
> > ret = -1;
> > - goto out2;
> > + goto out;
> > } else if (ret < 6)
> > avd->flags = 0;
> >
> > @@ -79,9 +79,8 @@ int security_compute_av_flags_raw(const char * scon,
> > map_decision(tclass, avd);
> >
> > ret = 0;
> > - out2:
> > - free(buf);
> > out:
> > + free(buf);
> > close(fd);
> > return ret;
> > }
> > diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c
> > index ff8553bc..b0c6ea34 100644
> > --- a/libselinux/src/compute_create.c
> > +++ b/libselinux/src/compute_create.c
> > @@ -81,34 +81,33 @@ int security_compute_create_name_raw(const char * scon,
> > if (len < 0 || (size_t)len >= size) {
> > errno = EOVERFLOW;
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> >
> > if (objname &&
> > object_name_encode(objname, buf + len, size - len) < 0) {
> > errno = ENAMETOOLONG;
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> >
> > ret = write(fd, buf, strlen(buf));
> > if (ret < 0)
> > - goto out2;
> > + goto out;
> >
> > memset(buf, 0, size);
> > ret = read(fd, buf, size - 1);
> > if (ret < 0)
> > - goto out2;
> > + goto out;
> >
> > *newcon = strdup(buf);
> > if (!(*newcon)) {
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> > ret = 0;
> > - out2:
> > - free(buf);
> > out:
> > + free(buf);
> > close(fd);
> > return ret;
> > }
> > diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_member.c
> > index 53d2f559..ebe33264 100644
> > --- a/libselinux/src/compute_member.c
> > +++ b/libselinux/src/compute_member.c
> > @@ -41,27 +41,26 @@ int security_compute_member_raw(const char * scon,
> > if (ret < 0 || (size_t)ret >= size) {
> > errno = EOVERFLOW;
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> >
> > ret = write(fd, buf, strlen(buf));
> > if (ret < 0)
> > - goto out2;
> > + goto out;
> >
> > memset(buf, 0, size);
> > ret = read(fd, buf, size - 1);
> > if (ret < 0)
> > - goto out2;
> > + goto out;
> >
> > *newcon = strdup(buf);
> > if (!(*newcon)) {
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> > ret = 0;
> > - out2:
> > - free(buf);
> > out:
> > + free(buf);
> > close(fd);
> > return ret;
> > }
> > diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_relabel.c
> > index 9c0a2304..b2c1520e 100644
> > --- a/libselinux/src/compute_relabel.c
> > +++ b/libselinux/src/compute_relabel.c
> > @@ -41,27 +41,26 @@ int security_compute_relabel_raw(const char * scon,
> > if (ret < 0 || (size_t)ret >= size) {
> > errno = EOVERFLOW;
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> >
> > ret = write(fd, buf, strlen(buf));
> > if (ret < 0)
> > - goto out2;
> > + goto out;
> >
> > memset(buf, 0, size);
> > ret = read(fd, buf, size - 1);
> > if (ret < 0)
> > - goto out2;
> > + goto out;
> >
> > *newcon = strdup(buf);
> > if (!*newcon) {
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> > ret = 0;
> > - out2:
> > - free(buf);
> > out:
> > + free(buf);
> > close(fd);
> > return ret;
> > }
> > diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c
> > index d4387aed..584219c7 100644
> > --- a/libselinux/src/compute_user.c
> > +++ b/libselinux/src/compute_user.c
> > @@ -43,27 +43,27 @@ int security_compute_user_raw(const char * scon,
> > if (ret < 0 || (size_t)ret >= size) {
> > errno = EOVERFLOW;
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> >
> > ret = write(fd, buf, strlen(buf));
> > if (ret < 0)
> > - goto out2;
> > + goto out;
> >
> > memset(buf, 0, size);
> > ret = read(fd, buf, size - 1);
> > if (ret < 0)
> > - goto out2;
> > + goto out;
> >
> > if (sscanf(buf, "%u", &nel) != 1) {
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> >
> > ary = malloc((nel + 1) * sizeof(char *));
> > if (!ary) {
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> >
> > ptr = buf + strlen(buf) + 1;
> > @@ -72,16 +72,15 @@ int security_compute_user_raw(const char * scon,
> > if (!ary[i]) {
> > freeconary(ary);
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> > ptr += strlen(ptr) + 1;
> > }
> > ary[nel] = NULL;
> > *con = ary;
> > ret = 0;
> > - out2:
> > - free(buf);
> > out:
> > + free(buf);
> > close(fd);
> > return ret;
> > }
> > diff --git a/libselinux/src/get_initial_context.c b/libselinux/src/get_initial_context.c
> > index fb774c82..badcda9f 100644
> > --- a/libselinux/src/get_initial_context.c
> > +++ b/libselinux/src/get_initial_context.c
> > @@ -46,17 +46,16 @@ int security_get_initial_context_raw(const char * name, char ** con)
> > }
> > ret = read(fd, buf, size - 1);
> > if (ret < 0)
> > - goto out2;
> > + goto out;
> >
> > *con = strdup(buf);
> > if (!(*con)) {
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> > ret = 0;
> > - out2:
> > - free(buf);
> > out:
> > + free(buf);
> > close(fd);
> > return ret;
> > }
> > diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
> > index aa16c934..f8e8f191 100644
> > --- a/libselinux/src/procattr.c
> > +++ b/libselinux/src/procattr.c
> > @@ -153,22 +153,21 @@ static int getprocattrcon_raw(char **context, pid_t pid, const char *attr,
> > ret = read(fd, buf, size - 1);
> > } while (ret < 0 && errno == EINTR);
> > if (ret < 0)
> > - goto out2;
> > + goto out;
> >
> > if (ret == 0) {
> > *context = NULL;
> > - goto out2;
> > + goto out;
> > }
> >
> > *context = strdup(buf);
> > if (!(*context)) {
> > ret = -1;
> > - goto out2;
> > + goto out;
> > }
> > ret = 0;
> > - out2:
> > - free(buf);
> > out:
> > + free(buf);
> > errno_hold = errno;
> > close(fd);
> > errno = errno_hold;
> > --
> > 2.50.1
> >
> >
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-07-31 14:17 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-07-27 15:44 [PATCH] libselinux: selinux_getenforcemode: remove out2 label Rahul Sandhu
2025-07-27 15:55 ` [PATCH v2] libselinux: remove out2 labels Rahul Sandhu
2025-07-29 14:51 ` Stephen Smalley
2025-07-31 14:16 ` Stephen Smalley
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).