[apparmor] [bug report] AppArmor: Add selfattr hooks
Dan Carpenter
dan.carpenter at linaro.org
Mon Oct 30 08:45:43 UTC 2023
Hello Casey Schaufler,
The patch 3c3bda37ca1d: "AppArmor: Add selfattr hooks" from Sep 12,
2023 (linux-next), leads to the following Smatch static checker
warning:
security/apparmor/lsm.c:817 apparmor_getselfattr()
error: uninitialized symbol 'value'.
security/apparmor/lsm.c
779 static int apparmor_getselfattr(unsigned int attr, struct lsm_ctx __user *lx,
780 size_t *size, u32 flags)
781 {
782 int error = -ENOENT;
783 struct aa_task_ctx *ctx = task_ctx(current);
784 struct aa_label *label = NULL;
785 size_t total_len = 0;
786 char *value;
787
788 switch (attr) {
789 case LSM_ATTR_CURRENT:
790 label = aa_get_newest_label(cred_label(current_cred()));
791 break;
792 case LSM_ATTR_PREV:
793 if (ctx->previous)
794 label = aa_get_newest_label(ctx->previous);
795 break;
796 case LSM_ATTR_EXEC:
797 if (ctx->onexec)
798 label = aa_get_newest_label(ctx->onexec);
799 break;
800 default:
801 error = -EOPNOTSUPP;
802 break;
803 }
804
805 if (label) {
806 error = aa_getprocattr(label, &value, false);
"value" is uninitialized on the first -EACCESS error path.
807 if (error > 0) {
808 total_len = ALIGN(struct_size(lx, ctx, error), 8);
809 if (total_len > *size)
810 error = -E2BIG;
811 else if (lx)
812 error = lsm_fill_user_ctx(lx, value, error,
813 LSM_ID_APPARMOR, 0);
814 else
815 error = 1;
816 }
--> 817 kfree(value);
^^^^^
Uninitialized
818 }
819
820 aa_put_label(label);
821
822 *size = total_len;
823 if (error < 0)
824 return error;
825 return 1;
826 }
regards,
dan carpenter
More information about the AppArmor
mailing list