The function audit_log_start() can fail, so its return value should be
checked against NULL.
Signed-off-by: Li Zhong <[email protected]>
---
security/selinux/ss/services.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index fe5fcf571c56..41d4c4ed93b7 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -3271,6 +3271,9 @@ int security_sid_mls_copy(struct selinux_state *state,
ab = audit_log_start(audit_context(),
GFP_ATOMIC,
AUDIT_SELINUX_ERR);
+ if (!ab)
+ goto out_unlock;
+
audit_log_format(ab,
"op=security_sid_mls_copy invalid_context=");
/* don't record NUL with untrusted strings */
--
2.25.1
On Sat, Aug 20, 2022 at 4:26 AM lily <[email protected]> wrote:
>
> The function audit_log_start() can fail, so its return value should be
> checked against NULL.
>
> Signed-off-by: Li Zhong <[email protected]>
> ---
> security/selinux/ss/services.c | 3 +++
> 1 file changed, 3 insertions(+)
audit_log_start() can safely return NULL as the audit_log_*()
functions are designed to handle a NULL audit_buffer. This is an
expected behavior and not a bug.
--
paul-moore.com