summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorTom Rix <trix@redhat.com>2020-06-17 14:40:28 +0200
committerPaul Moore <paul@paul-moore.com>2020-06-17 23:36:40 +0200
commit8231b0b9c322c894594fb42eb0eb9f93544a6acc (patch)
tree69b85357797d0afd34707c655783a036cae386ec /security
parentselinux: fix a double free in cond_read_node()/cond_read_list() (diff)
downloadlinux-8231b0b9c322c894594fb42eb0eb9f93544a6acc.tar.xz
linux-8231b0b9c322c894594fb42eb0eb9f93544a6acc.zip
selinux: fix undefined return of cond_evaluate_expr
clang static analysis reports an undefined return security/selinux/ss/conditional.c:79:2: warning: Undefined or garbage value returned to caller [core.uninitialized.UndefReturn] return s[0]; ^~~~~~~~~~~ static int cond_evaluate_expr( ... { u32 i; int s[COND_EXPR_MAXDEPTH]; for (i = 0; i < expr->len; i++) ... return s[0]; When expr->len is 0, the loop which sets s[0] never runs. So return -1 if the loop never runs. Cc: stable@vger.kernel.org Signed-off-by: Tom Rix <trix@redhat.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/conditional.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 4867dfc5337a..7a92b028f722 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -27,6 +27,9 @@ static int cond_evaluate_expr(struct policydb *p, struct cond_expr *expr)
int s[COND_EXPR_MAXDEPTH];
int sp = -1;
+ if (expr->len == 0)
+ return -1;
+
for (i = 0; i < expr->len; i++) {
struct cond_expr_node *node = &expr->nodes[i];