• John Johansen's avatar
    apparmor: fix '*seclen' is never less than zero · 52e7128e
    John Johansen authored
    smatch warnings:
    security/apparmor/secid.c:162 apparmor_secid_to_secctx() warn: unsigned '*seclen' is never less than zero.
    
    vim +162 security/apparmor/secid.c
    
       140
       141	int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
       142	{
       143		/* TODO: cache secctx and ref count so we don't have to recreate */
       144		struct aa_label *label = aa_secid_to_label(secid);
       145
       146		AA_BUG(!secdata);
       147		AA_BUG(!seclen);
       148
       149		if (!label)
       150			return -EINVAL;
       151
       152		if (secdata)
       153			*seclen = aa_label_asxprint(secdata, root_ns, label,
       154						    FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
       155						    FLAG_HIDDEN_UNCONFINED |
       156						    FLAG_ABS_ROOT, GFP_ATOMIC);
       157		else
       158			*seclen = aa_label_snxprint(NULL, 0, root_ns, label,
       159						    FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
       160						    FLAG_HIDDEN_UNCONFINED |
       161						    FLAG_ABS_ROOT);
     > 162		if (*seclen < 0)
       163			return -ENOMEM;
       164
       165		return 0;
       166	}
       167
    
    Fixes: c0929212 ("apparmor: add support for mapping secids and using secctxes")
    Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
    52e7128e
secid.c 5.37 KB