2020-08-19 10:44:34

by Colin King

[permalink] [raw]
Subject: [PATCH][next] selinux: fix allocation failure check on newpolicy->sidtab

From: Colin Ian King <[email protected]>

The allocation check of newpolicy->sidtab is null checking if
newpolicy is null and not newpolicy->sidtab. Fix this.

Addresses-Coverity: ("Logically dead code")
Fixes: c7c556f1e81b ("selinux: refactor changing booleans")
Signed-off-by: Colin Ian King <[email protected]>
---
security/selinux/ss/services.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index f6f78c65f53f..d310910fb639 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2224,7 +2224,7 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len,
return -ENOMEM;

newpolicy->sidtab = kzalloc(sizeof(*newpolicy->sidtab), GFP_KERNEL);
- if (!newpolicy)
+ if (!newpolicy->sidtab)
goto err;

rc = policydb_read(&newpolicy->policydb, fp);
--
2.27.0


2020-08-19 12:25:21

by Stephen Smalley

[permalink] [raw]
Subject: Re: [PATCH][next] selinux: fix allocation failure check on newpolicy->sidtab

On 8/19/20 6:42 AM, Colin King wrote:

> From: Colin Ian King <[email protected]>
>
> The allocation check of newpolicy->sidtab is null checking if
> newpolicy is null and not newpolicy->sidtab. Fix this.
>
> Addresses-Coverity: ("Logically dead code")
> Fixes: c7c556f1e81b ("selinux: refactor changing booleans")
> Signed-off-by: Colin Ian King <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
> ---
> security/selinux/ss/services.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index f6f78c65f53f..d310910fb639 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -2224,7 +2224,7 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len,
> return -ENOMEM;
>
> newpolicy->sidtab = kzalloc(sizeof(*newpolicy->sidtab), GFP_KERNEL);
> - if (!newpolicy)
> + if (!newpolicy->sidtab)
> goto err;
>
> rc = policydb_read(&newpolicy->policydb, fp);

2020-08-19 13:22:36

by Paul Moore

[permalink] [raw]
Subject: Re: [PATCH][next] selinux: fix allocation failure check on newpolicy->sidtab

On Wed, Aug 19, 2020 at 6:42 AM Colin King <[email protected]> wrote:
> From: Colin Ian King <[email protected]>
>
> The allocation check of newpolicy->sidtab is null checking if
> newpolicy is null and not newpolicy->sidtab. Fix this.
>
> Addresses-Coverity: ("Logically dead code")
> Fixes: c7c556f1e81b ("selinux: refactor changing booleans")
> Signed-off-by: Colin Ian King <[email protected]>
> ---
> security/selinux/ss/services.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Thanks Colin, merged into selinux/next.

--
paul moore
http://www.paul-moore.com