* [PATCH 1/3] libsepol: cil: always initialize __cil_permx_to_sepol_class_perms() result
@ 2016-01-31 10:36 Nicolas Iooss
2016-01-31 10:36 ` [PATCH 2/3] libsemanage: initialize bools_modified variable Nicolas Iooss
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Nicolas Iooss @ 2016-01-31 10:36 UTC (permalink / raw)
To: selinux
clang warns that __cil_permx_to_sepol_class_perms() return value, rc,
may be unitialized:
../cil/src/cil_binary.c:4188:9: error: variable 'rc' may be
uninitialized when used here [-Werror,-Wconditional-uninitialized]
return rc;
^~
../cil/src/cil_binary.c:4148:8: note: initialize the variable 'rc'
to silence this warning
int rc;
^
= 0
This theoretically happens when cil_expand_class(permx->obj) returns an
empty list.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
libsepol/cil/src/cil_binary.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
index 433f92e40a8e..47c751c0ef06 100644
--- a/libsepol/cil/src/cil_binary.c
+++ b/libsepol/cil/src/cil_binary.c
@@ -4145,7 +4145,7 @@ exit:
static int __cil_permx_to_sepol_class_perms(policydb_t *pdb, struct cil_permissionx *permx, class_perm_node_t **sepol_class_perms)
{
- int rc;
+ int rc = SEPOL_OK;
struct cil_list *class_list = NULL;
struct cil_list_item *c;
class_datum_t *sepol_obj = NULL;
--
2.7.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 2/3] libsemanage: initialize bools_modified variable.
2016-01-31 10:36 [PATCH 1/3] libsepol: cil: always initialize __cil_permx_to_sepol_class_perms() result Nicolas Iooss
@ 2016-01-31 10:36 ` Nicolas Iooss
2016-01-31 10:36 ` [PATCH 3/3] libsemanage: move modinfo_tmp definition before goto cleanup Nicolas Iooss
2016-02-01 14:14 ` [PATCH 1/3] libsepol: cil: always initialize __cil_permx_to_sepol_class_perms() result Steve Lawrence
2 siblings, 0 replies; 4+ messages in thread
From: Nicolas Iooss @ 2016-01-31 10:36 UTC (permalink / raw)
To: selinux
In semanage_direct_commit() error path, bools_modified can be used in a
if statement without being initialized (when a "goto cleanup" is taken
early). clang warns about this bug:
direct_api.c:1441:18: error: variable 'bools_modified' may be
uninitialized when used here [-Werror,-Wconditional-uninitialized]
if (modified || bools_modified) {
^~~~~~~~~~~~~~
direct_api.c:1087:48: note: initialize the variable 'bools_modified'
to silence this warning
preserve_tunables_modified, bools_modified,
^
= 0
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
libsemanage/src/direct_api.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 68dd0d18425a..dd621d99295e 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -1076,7 +1076,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
/* Declare some variables */
int modified = 0, fcontexts_modified, ports_modified,
seusers_modified, users_extra_modified, dontaudit_modified,
- preserve_tunables_modified, bools_modified,
+ preserve_tunables_modified, bools_modified = 0,
disable_dontaudit, preserve_tunables;
dbase_config_t *users = semanage_user_dbase_local(sh);
dbase_config_t *users_base = semanage_user_base_dbase_local(sh);
--
2.7.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH 3/3] libsemanage: move modinfo_tmp definition before goto cleanup
2016-01-31 10:36 [PATCH 1/3] libsepol: cil: always initialize __cil_permx_to_sepol_class_perms() result Nicolas Iooss
2016-01-31 10:36 ` [PATCH 2/3] libsemanage: initialize bools_modified variable Nicolas Iooss
@ 2016-01-31 10:36 ` Nicolas Iooss
2016-02-01 14:14 ` [PATCH 1/3] libsepol: cil: always initialize __cil_permx_to_sepol_class_perms() result Steve Lawrence
2 siblings, 0 replies; 4+ messages in thread
From: Nicolas Iooss @ 2016-01-31 10:36 UTC (permalink / raw)
To: selinux
In semanage_direct_set_module_info() and semanage_direct_list_all()
functions, when modinfo_tmp variable gets initialized, a branch to
"cleanup" label may have already been taken. This leads to this
variable being possibly used uninitialized in these functions.
This is reported by clang:
direct_api.c:2491:41: error: variable 'modinfo_tmp' may be
uninitialized when used here [-Werror,-Wconditional-uninitialized]
ret = semanage_module_info_destroy(sh, modinfo_tmp);
^~~~~~~~~~~
direct_api.c:2334:2: note: variable 'modinfo_tmp' is declared here
semanage_module_info_t *modinfo_tmp = NULL;
^
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
libsemanage/src/direct_api.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index dd621d99295e..7c84bcea629b 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -2136,6 +2136,7 @@ static int semanage_direct_set_module_info(semanage_handle_t *sh,
char fn[PATH_MAX];
const char *path = NULL;
int enabled = 0;
+ semanage_module_info_t *modinfo_tmp = NULL;
semanage_module_key_t modkey;
ret = semanage_module_key_init(sh, &modkey);
@@ -2144,8 +2145,6 @@ static int semanage_direct_set_module_info(semanage_handle_t *sh,
goto cleanup;
}
- semanage_module_info_t *modinfo_tmp = NULL;
-
/* check transaction */
if (!sh->is_in_transaction) {
if (semanage_begin_transaction(sh) < 0) {
@@ -2316,6 +2315,8 @@ static int semanage_direct_list_all(semanage_handle_t *sh,
uint16_t priority = 0;
+ semanage_module_info_t *modinfo_tmp = NULL;
+
semanage_module_info_t modinfo;
ret = semanage_module_info_init(sh, &modinfo);
if (ret != 0) {
@@ -2323,8 +2324,6 @@ static int semanage_direct_list_all(semanage_handle_t *sh,
goto cleanup;
}
- semanage_module_info_t *modinfo_tmp = NULL;
-
if (sh->is_in_transaction) {
toplevel = semanage_path(SEMANAGE_TMP, SEMANAGE_MODULES);
} else {
--
2.7.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH 1/3] libsepol: cil: always initialize __cil_permx_to_sepol_class_perms() result
2016-01-31 10:36 [PATCH 1/3] libsepol: cil: always initialize __cil_permx_to_sepol_class_perms() result Nicolas Iooss
2016-01-31 10:36 ` [PATCH 2/3] libsemanage: initialize bools_modified variable Nicolas Iooss
2016-01-31 10:36 ` [PATCH 3/3] libsemanage: move modinfo_tmp definition before goto cleanup Nicolas Iooss
@ 2016-02-01 14:14 ` Steve Lawrence
2 siblings, 0 replies; 4+ messages in thread
From: Steve Lawrence @ 2016-02-01 14:14 UTC (permalink / raw)
To: Nicolas Iooss, selinux
On 01/31/2016 05:36 AM, Nicolas Iooss wrote:
> clang warns that __cil_permx_to_sepol_class_perms() return value, rc,
> may be unitialized:
>
> ../cil/src/cil_binary.c:4188:9: error: variable 'rc' may be
> uninitialized when used here [-Werror,-Wconditional-uninitialized]
> return rc;
> ^~
> ../cil/src/cil_binary.c:4148:8: note: initialize the variable 'rc'
> to silence this warning
> int rc;
> ^
> = 0
>
> This theoretically happens when cil_expand_class(permx->obj) returns an
> empty list.
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
All patches applied. Thanks!
- Steve
> ---
> libsepol/cil/src/cil_binary.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
> index 433f92e40a8e..47c751c0ef06 100644
> --- a/libsepol/cil/src/cil_binary.c
> +++ b/libsepol/cil/src/cil_binary.c
> @@ -4145,7 +4145,7 @@ exit:
>
> static int __cil_permx_to_sepol_class_perms(policydb_t *pdb, struct cil_permissionx *permx, class_perm_node_t **sepol_class_perms)
> {
> - int rc;
> + int rc = SEPOL_OK;
> struct cil_list *class_list = NULL;
> struct cil_list_item *c;
> class_datum_t *sepol_obj = NULL;
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-02-01 14:14 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-01-31 10:36 [PATCH 1/3] libsepol: cil: always initialize __cil_permx_to_sepol_class_perms() result Nicolas Iooss
2016-01-31 10:36 ` [PATCH 2/3] libsemanage: initialize bools_modified variable Nicolas Iooss
2016-01-31 10:36 ` [PATCH 3/3] libsemanage: move modinfo_tmp definition before goto cleanup Nicolas Iooss
2016-02-01 14:14 ` [PATCH 1/3] libsepol: cil: always initialize __cil_permx_to_sepol_class_perms() result Steve Lawrence
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.