diff mbox series

[v1] selinux/ss/services.c: check the return value of audit_log_start() in security_sid_mls_copy()

Message ID 20220820082606.953886-1-floridsleeves@gmail.com (mailing list archive)
State Rejected
Delegated to: Paul Moore
Headers show
Series [v1] selinux/ss/services.c: check the return value of audit_log_start() in security_sid_mls_copy() | expand

Commit Message

Li Zhong Aug. 20, 2022, 8:26 a.m. UTC 
The function audit_log_start() can fail, so its return value should be
checked against NULL. 

Signed-off-by: Li Zhong <floridsleeves@gmail.com>
---
 security/selinux/ss/services.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Paul Moore Aug. 20, 2022, 2:19 p.m. UTC | #1 
On Sat, Aug 20, 2022 at 4:26 AM lily <floridsleeves@gmail.com> wrote:
>
> The function audit_log_start() can fail, so its return value should be
> checked against NULL.
>
> Signed-off-by: Li Zhong <floridsleeves@gmail.com>
> ---
>  security/selinux/ss/services.c | 3 +++
>  1 file changed, 3 insertions(+)

audit_log_start() can safely return NULL as the audit_log_*()
functions are designed to handle a NULL audit_buffer.  This is an
expected behavior and not a bug.
diff mbox series

Patch

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index fe5fcf571c56..41d4c4ed93b7 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -3271,6 +3271,9 @@  int security_sid_mls_copy(struct selinux_state *state,
 				ab = audit_log_start(audit_context(),
 						     GFP_ATOMIC,
 						     AUDIT_SELINUX_ERR);
+				if (!ab)
+					goto out_unlock;
+
 				audit_log_format(ab,
 						 "op=security_sid_mls_copy invalid_context=");
 				/* don't record NUL with untrusted strings */