diff mbox series

libsepol: avoid potential NULL dereference on optional parameter

Message ID 20220610150623.21082-1-cgzones@googlemail.com (mailing list archive)
State Accepted
Commit f505a73b0630

Commit Message

Christian Göttsche June 10, 2022, 3:06 p.m. UTC
The parameter `reason` of `context_struct_compute_av()` is optional and
can be passed in as NULL, like from `type_attribute_bounds_av()`.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/src/services.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

James Carter June 29, 2022, 5:59 p.m. UTC | #1
On Fri, Jun 10, 2022 at 11:12 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> The parameter `reason` of `context_struct_compute_av()` is optional and
> can be passed in as NULL, like from `type_attribute_bounds_av()`.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  libsepol/src/services.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/libsepol/src/services.c b/libsepol/src/services.c
> index d7510e9d..24412d83 100644
> --- a/libsepol/src/services.c
> +++ b/libsepol/src/services.c
> @@ -894,7 +894,8 @@ static void type_attribute_bounds_av(context_struct_t *scontext,
>         /* mask violated permissions */
>         avd->allowed &= ~masked;
>
> -       *reason |= SEPOL_COMPUTEAV_BOUNDS;
> +       if (reason)
> +               *reason |= SEPOL_COMPUTEAV_BOUNDS;
>  }
>
>  /*
> --
> 2.36.1
>
James Carter July 6, 2022, 8:11 p.m. UTC | #2
On Wed, Jun 29, 2022 at 1:59 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Fri, Jun 10, 2022 at 11:12 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > The parameter `reason` of `context_struct_compute_av()` is optional and
> > can be passed in as NULL, like from `type_attribute_bounds_av()`.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
>

Merged.
Thanks,
Jim

> > ---
> >  libsepol/src/services.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/libsepol/src/services.c b/libsepol/src/services.c
> > index d7510e9d..24412d83 100644
> > --- a/libsepol/src/services.c
> > +++ b/libsepol/src/services.c
> > @@ -894,7 +894,8 @@ static void type_attribute_bounds_av(context_struct_t *scontext,
> >         /* mask violated permissions */
> >         avd->allowed &= ~masked;
> >
> > -       *reason |= SEPOL_COMPUTEAV_BOUNDS;
> > +       if (reason)
> > +               *reason |= SEPOL_COMPUTEAV_BOUNDS;
> >  }
> >
> >  /*
> > --
> > 2.36.1
> >

Patch

diff --git a/libsepol/src/services.c b/libsepol/src/services.c
index d7510e9d..24412d83 100644
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@@ -894,7 +894,8 @@  static void type_attribute_bounds_av(context_struct_t *scontext,
 	/* mask violated permissions */
 	avd->allowed &= ~masked;
 
-	*reason |= SEPOL_COMPUTEAV_BOUNDS;
+	if (reason)
+		*reason |= SEPOL_COMPUTEAV_BOUNDS;
 }
 
 /*
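Review bot: the new `if (reason)` guard at the end of `type_attribute_bounds_av()` covers only this one write, and nothing in the hunk records that `reason` may legitimately be NULL, so a later `*reason |= ...` added nearby could reintroduce the same dereference. Suggest a one-line comment above the guard (or at the parameter) stating that `reason` is optional, and checking the rest of `services.c` for other unguarded writes through `reason`. The ordering is right: `avd->allowed &= ~masked;` still runs unconditionally before the guard, so the bounds masking itself is unchanged and only the `SEPOL_COMPUTEAV_BOUNDS` reporting is skipped when the caller passes no `reason`.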