From: Kees Cook <keescook@chromium.org>
To: Wei Yongjun <weiyongjun1@huawei.com>
Cc: James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Micah Morton <mortonm@chromium.org>,
linux-security-module <linux-security-module@vger.kernel.org>,
kernel-janitors@vger.kernel.org
Subject: Re: [PATCH -next] LSM: fix return value check in safesetid_init_securityfs()
Date: Tue, 12 Feb 2019 08:55:00 -0800 [thread overview]
Message-ID: <CAGXu5jLRD49pbatrLPPOtJnGGFT+uT8Uz3OzVo-E0MgZg-NgxA@mail.gmail.com> (raw)
In-Reply-To: <20190212075831.114668-1-weiyongjun1@huawei.com>
On Mon, Feb 11, 2019 at 11:44 PM Wei Yongjun <weiyongjun1@huawei.com> wrote:
>
> In case of error, the function securityfs_create_dir() returns ERR_PTR()
> and never returns NULL. The NULL test in the return value check should
> be replaced with IS_ERR().
>
> Fixes: aeca4e2ca65c ("LSM: add SafeSetID module that gates setid calls")
> Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Nice catch! Thanks,
Acked-by: Kees Cook <keescook@chromium.org>
-Kees
> ---
> security/safesetid/securityfs.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/security/safesetid/securityfs.c b/security/safesetid/securityfs.c
> index 61be4ee459cc..2c6c829be044 100644
> --- a/security/safesetid/securityfs.c
> +++ b/security/safesetid/securityfs.c
> @@ -167,7 +167,7 @@ static int __init safesetid_init_securityfs(void)
> return 0;
>
> safesetid_policy_dir = securityfs_create_dir("safesetid", NULL);
> - if (!safesetid_policy_dir) {
> + if (IS_ERR(safesetid_policy_dir)) {
> ret = PTR_ERR(safesetid_policy_dir);
> goto error;
> }
>
>
>
--
Kees Cook
next prev parent reply other threads:[~2019-02-12 16:55 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-12 7:58 [PATCH -next] LSM: fix return value check in safesetid_init_securityfs() Wei Yongjun
2019-02-12 16:55 ` Kees Cook [this message]
2019-02-12 19:01 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGXu5jLRD49pbatrLPPOtJnGGFT+uT8Uz3OzVo-E0MgZg-NgxA@mail.gmail.com \
--to=keescook@chromium.org \
--cc=jmorris@namei.org \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mortonm@chromium.org \
--cc=serge@hallyn.com \
--cc=weiyongjun1@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).