linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Kees Cook <keescook@chromium.org>
To: Wei Yongjun <weiyongjun1@huawei.com>
Cc: James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Micah Morton <mortonm@chromium.org>,
	linux-security-module <linux-security-module@vger.kernel.org>,
	kernel-janitors@vger.kernel.org
Subject: Re: [PATCH -next] LSM: fix return value check in safesetid_init_securityfs()
Date: Tue, 12 Feb 2019 08:55:00 -0800	[thread overview]
Message-ID: <CAGXu5jLRD49pbatrLPPOtJnGGFT+uT8Uz3OzVo-E0MgZg-NgxA@mail.gmail.com> (raw)
In-Reply-To: <20190212075831.114668-1-weiyongjun1@huawei.com>

On Mon, Feb 11, 2019 at 11:44 PM Wei Yongjun <weiyongjun1@huawei.com> wrote:
>
> In case of error, the function securityfs_create_dir() returns ERR_PTR()
> and never returns NULL. The NULL test in the return value check should
> be replaced with IS_ERR().
>
> Fixes: aeca4e2ca65c ("LSM: add SafeSetID module that gates setid calls")
> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>

Nice catch! Thanks,

Acked-by: Kees Cook <keescook@chromium.org>

-Kees

> ---
>  security/safesetid/securityfs.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/safesetid/securityfs.c b/security/safesetid/securityfs.c
> index 61be4ee459cc..2c6c829be044 100644
> --- a/security/safesetid/securityfs.c
> +++ b/security/safesetid/securityfs.c
> @@ -167,7 +167,7 @@ static int __init safesetid_init_securityfs(void)
>                 return 0;
>
>         safesetid_policy_dir = securityfs_create_dir("safesetid", NULL);
> -       if (!safesetid_policy_dir) {
> +       if (IS_ERR(safesetid_policy_dir)) {
>                 ret = PTR_ERR(safesetid_policy_dir);
>                 goto error;
>         }
>
>
>


-- 
Kees Cook

  reply	other threads:[~2019-02-12 16:55 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-12  7:58 [PATCH -next] LSM: fix return value check in safesetid_init_securityfs() Wei Yongjun
2019-02-12 16:55 ` Kees Cook [this message]
2019-02-12 19:01 ` James Morris

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAGXu5jLRD49pbatrLPPOtJnGGFT+uT8Uz3OzVo-E0MgZg-NgxA@mail.gmail.com \
    --to=keescook@chromium.org \
    --cc=jmorris@namei.org \
    --cc=kernel-janitors@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mortonm@chromium.org \
    --cc=serge@hallyn.com \
    --cc=weiyongjun1@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).