[V3] lockdown: Initialize array before use

Message ID	20250105070537.58334-1-tanyaagarwal25699@gmail.com (mailing list archive)
State	Accepted
Delegated to:	Paul Moore
Headers	show Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 00612184F; Sun, 5 Jan 2025 07:06:14 +0000 (UTC) From: Tanya Agarwal <tanyaagarwal25699@gmail.com> To: paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com Cc: kees@kernel.org, yuehaibing@huawei.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, matthewgarrett@google.com, skhan@linuxfoundation.org, anupnewsmail@gmail.com, tanyaagarwal25699@gmail.com Subject: [PATCH V3] lockdown: Initialize array before use Date: Sun, 5 Jan 2025 12:35:38 +0530 Message-Id: <20250105070537.58334-1-tanyaagarwal25699@gmail.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[V3] lockdown: Initialize array before use \| expand [V3] lockdown: Initialize array before use

Message ID

20250105070537.58334-1-tanyaagarwal25699@gmail.com (mailing list archive)

State

Accepted

Delegated to:

Paul Moore

Headers

From: Tanya Agarwal <tanyaagarwal25699@gmail.com>
To: paul@paul-moore.com,
	jmorris@namei.org,
	serge@hallyn.com
Cc: kees@kernel.org,
	yuehaibing@huawei.com,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	matthewgarrett@google.com,
	skhan@linuxfoundation.org,
	anupnewsmail@gmail.com,
	tanyaagarwal25699@gmail.com
Subject: [PATCH V3] lockdown: Initialize array before use
Date: Sun,  5 Jan 2025 12:35:38 +0530
Message-Id: <20250105070537.58334-1-tanyaagarwal25699@gmail.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[V3] lockdown: Initialize array before use | expand

Commit Message

Tanya Agarwal Jan. 5, 2025, 7:05 a.m. UTC

From: Tanya Agarwal <tanyaagarwal25699@gmail.com>

The static code analysis tool "Coverity Scan" pointed the following
details out for further development considerations:
CID 1486102: Uninitialized scalar variable (UNINIT)
uninit_use_in_call: Using uninitialized value *temp when calling
strlen.

Conclusion:
Initialize array before use in lockdown_read() to satisfy the static
analyzer.

Fixes: 000d388ed3bb ("security: Add a static lockdown policy LSM")
Signed-off-by: Tanya Agarwal <tanyaagarwal25699@gmail.com>
---
V2: add Fixes tag and reword commit description
V3: use "" initialization instead of {}

Coverity Link:
https://scan7.scan.coverity.com/#/project-view/52849/11354?selectedIssue=1486102


 security/lockdown/lockdown.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Kuan-Wei Chiu Jan. 5, 2025, 10:42 a.m. UTC | #1

Hi Tanya,

On Sun, Jan 05, 2025 at 12:35:38PM +0530, Tanya Agarwal wrote:
> From: Tanya Agarwal <tanyaagarwal25699@gmail.com>
> 
> The static code analysis tool "Coverity Scan" pointed the following
> details out for further development considerations:
> CID 1486102: Uninitialized scalar variable (UNINIT)
> uninit_use_in_call: Using uninitialized value *temp when calling
> strlen.
> 
> Conclusion:
> Initialize array before use in lockdown_read() to satisfy the static
> analyzer.
> 
> Fixes: 000d388ed3bb ("security: Add a static lockdown policy LSM")
> Signed-off-by: Tanya Agarwal <tanyaagarwal25699@gmail.com>

I don't believe this is a real bug. The lockdown_reasons array is a
non-empty constant, so temp is guaranteed to be written to by sprintf
before being passed to strlen.

When submitting patches in the future, could you also include an
analysis of the conditions that might lead to the bug, along with the
coverity scan report?

Regards,
Kuan-Wei

Paul Moore Jan. 5, 2025, 5:48 p.m. UTC | #2

On Jan  5, 2025 Tanya Agarwal <tanyaagarwal25699@gmail.com> wrote:
> 
> The static code analysis tool "Coverity Scan" pointed the following
> details out for further development considerations:
> CID 1486102: Uninitialized scalar variable (UNINIT)
> uninit_use_in_call: Using uninitialized value *temp when calling
> strlen.
> 
> Conclusion:
> Initialize array before use in lockdown_read() to satisfy the static
> analyzer.
> 
> Fixes: 000d388ed3bb ("security: Add a static lockdown policy LSM")
> Signed-off-by: Tanya Agarwal <tanyaagarwal25699@gmail.com>

I removed the 'Fixes:' tag as the code isn't actually broken as we
discussed in previous iterations of this patch.  I also edited the
subject line and commit description a bit, but otherwise this is
fine.  Merged into lsm/dev.

--
paul-moore.com

Tanya Agarwal Jan. 5, 2025, 5:52 p.m. UTC | #3

On Sun, Jan 5, 2025 at 11:18 PM Paul Moore <paul@paul-moore.com> wrote:
>
> On Jan  5, 2025 Tanya Agarwal <tanyaagarwal25699@gmail.com> wrote:
> >
> > The static code analysis tool "Coverity Scan" pointed the following
> > details out for further development considerations:
> > CID 1486102: Uninitialized scalar variable (UNINIT)
> > uninit_use_in_call: Using uninitialized value *temp when calling
> > strlen.
> >
> > Conclusion:
> > Initialize array before use in lockdown_read() to satisfy the static
> > analyzer.
> >
> > Fixes: 000d388ed3bb ("security: Add a static lockdown policy LSM")
> > Signed-off-by: Tanya Agarwal <tanyaagarwal25699@gmail.com>
>
> I removed the 'Fixes:' tag as the code isn't actually broken as we
> discussed in previous iterations of this patch.  I also edited the
> subject line and commit description a bit, but otherwise this is
> fine.  Merged into lsm/dev.
>
> --
> paul-moore.com


Thank you, Paul.

Regards,
Tanya

diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index f2bdbd55aa2b..cf83afa1d879 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -96,7 +96,7 @@  static int __init lockdown_lsm_init(void)
 static ssize_t lockdown_read(struct file *filp, char __user *buf, size_t count,
 			     loff_t *ppos)
 {
-	char temp[80];
+	char temp[80] = "";
 	int i, offset = 0;
 
 	for (i = 0; i < ARRAY_SIZE(lockdown_levels); i++) {

[V3] lockdown: Initialize array before use

Commit Message

Comments

Patch