lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHC9VhSfvsoWCD1DHFPYhnmWx_cmmapo6vjboS8e=6OZ8ca9gA@mail.gmail.com>
Date:   Thu, 23 Mar 2017 17:44:07 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     SF Markus Elfring <elfring@...rs.sourceforge.net>
Cc:     linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov,
        Eric Paris <eparis@...isplace.org>,
        James Morris <james.l.morris@...cle.com>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        Stephen Smalley <sds@...ho.nsa.gov>,
        William Roberts <william.c.roberts@...el.com>,
        LKML <linux-kernel@...r.kernel.org>,
        kernel-janitors@...r.kernel.org
Subject: Re: [PATCH 10/46] selinux: Move some assignments for the variable
 "rc" in policydb_read()

On Sun, Jan 15, 2017 at 10:10 AM, SF Markus Elfring
<elfring@...rs.sourceforge.net> wrote:
> From: Markus Elfring <elfring@...rs.sourceforge.net>
> Date: Sat, 14 Jan 2017 15:22:29 +0100
>
> One local variable was set to an error code in some cases before
> a concrete error situation was detected. Thus move the corresponding
> assignments into if branches to indicate a software failure there.
>
> Signed-off-by: Markus Elfring <elfring@...rs.sourceforge.net>
> ---
>  security/selinux/ss/policydb.c | 59 +++++++++++++++++++++++++-----------------
>  1 file changed, 35 insertions(+), 24 deletions(-)

More code churn with no real advantage.  I agree with the style you
are using, and would support changing it if you are in the function
fixing bugs or doing other substantial changes in that code, but I
can't justify it as a standalone change, sorry.

> diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
> index 53e6d06e772a..506b0228d1f1 100644
> --- a/security/selinux/ss/policydb.c
> +++ b/security/selinux/ss/policydb.c
> @@ -2250,15 +2250,14 @@ int policydb_read(struct policydb *p, void *fp)
>         if (rc)
>                 goto bad;
>
> -       rc = -EINVAL;
>         if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
>                 printk(KERN_ERR "SELinux:  policydb magic number 0x%x does "
>                        "not match expected magic number 0x%x\n",
>                        le32_to_cpu(buf[0]), POLICYDB_MAGIC);
> +               rc = -EINVAL;
>                 goto bad;
>         }
>
> -       rc = -EINVAL;
>         len = le32_to_cpu(buf[1]);
>         if (len != strlen(POLICYDB_STRING)) {
>                 printk(KERN_ERR "SELinux:  policydb string length %d does not "
> @@ -2265,11 +2265,13 @@ int policydb_read(struct policydb *p, void *fp)
>                        len, strlen(POLICYDB_STRING));
> +               rc = -EINVAL;
>                 goto bad;
>         }
>
> -       rc = -ENOMEM;
>         policydb_str = kmalloc(len + 1, GFP_KERNEL);
> -       if (!policydb_str)
> +       if (!policydb_str) {
> +               rc = -ENOMEM;
>                 goto bad;
> +       }
>
>         rc = next_entry(policydb_str, fp, len);
>         if (rc) {
> @@ -2279,12 +2280,12 @@ int policydb_read(struct policydb *p, void *fp)
>                 goto bad;
>         }
>
> -       rc = -EINVAL;
>         policydb_str[len] = '\0';
>         if (strcmp(policydb_str, POLICYDB_STRING)) {
>                 printk(KERN_ERR "SELinux:  policydb string %s does not match "
>                        "my string %s\n", policydb_str, POLICYDB_STRING);
>                 kfree(policydb_str);
> +               rc = -EINVAL;
>                 goto bad;
>         }
>         /* Done with policydb_str. */
> @@ -2296,24 +2297,24 @@ int policydb_read(struct policydb *p, void *fp)
>         if (rc)
>                 goto bad;
>
> -       rc = -EINVAL;
>         p->policyvers = le32_to_cpu(buf[0]);
>         if (p->policyvers < POLICYDB_VERSION_MIN ||
>             p->policyvers > POLICYDB_VERSION_MAX) {
>                 printk(KERN_ERR "SELinux:  policydb version %d does not match "
>                        "my version range %d-%d\n",
>                        le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
> +               rc = -EINVAL;
>                 goto bad;
>         }
>
>         if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
>                 p->mls_enabled = 1;
>
> -               rc = -EINVAL;
>                 if (p->policyvers < POLICYDB_VERSION_MLS) {
>                         printk(KERN_ERR "SELinux: security policydb version %d "
>                                 "(MLS) not backwards compatible\n",
>                                 p->policyvers);
> +                       rc = -EINVAL;
>                         goto bad;
>                 }
>         }
> @@ -2332,21 +2333,21 @@ int policydb_read(struct policydb *p, void *fp)
>                         goto bad;
>         }
>
> -       rc = -EINVAL;
>         info = policydb_lookup_compat(p->policyvers);
>         if (!info) {
>                 printk(KERN_ERR "SELinux:  unable to find policy compat info "
>                        "for version %d\n", p->policyvers);
> +               rc = -EINVAL;
>                 goto bad;
>         }
>
> -       rc = -EINVAL;
>         if (le32_to_cpu(buf[2]) != info->sym_num ||
>                 le32_to_cpu(buf[3]) != info->ocon_num) {
>                 printk(KERN_ERR "SELinux:  policydb table sizes (%d,%d) do "
>                        "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
>                         le32_to_cpu(buf[3]),
>                        info->sym_num, info->ocon_num);
> +               rc = -EINVAL;
>                 goto bad;
>         }
>
> @@ -2365,10 +2366,11 @@ int policydb_read(struct policydb *p, void *fp)
>                 p->symtab[i].nprim = nprim;
>         }
>
> -       rc = -EINVAL;
>         p->process_class = string_to_security_class(p, "process");
> -       if (!p->process_class)
> +       if (!p->process_class) {
> +               rc = -EINVAL;
>                 goto bad;
> +       }
>
>         rc = avtab_read(&p->te_avtab, fp, p);
>         if (rc)
> @@ -2386,10 +2388,12 @@ int policydb_read(struct policydb *p, void *fp)
>         nel = le32_to_cpu(buf[0]);
>         ltr = NULL;
>         for (i = 0; i < nel; i++) {
> -               rc = -ENOMEM;
>                 tr = kzalloc(sizeof(*tr), GFP_KERNEL);
> -               if (!tr)
> +               if (!tr) {
> +                       rc = -ENOMEM;
>                         goto bad;
> +               }
> +
>                 if (ltr)
>                         ltr->next = tr;
>                 else
> @@ -2398,7 +2402,6 @@ int policydb_read(struct policydb *p, void *fp)
>                 if (rc)
>                         goto bad;
>
> -               rc = -EINVAL;
>                 tr->role = le32_to_cpu(buf[0]);
>                 tr->type = le32_to_cpu(buf[1]);
>                 tr->new_role = le32_to_cpu(buf[2]);
> @@ -2410,12 +2413,14 @@ int policydb_read(struct policydb *p, void *fp)
>                 } else
>                         tr->tclass = p->process_class;
>
> -               rc = -EINVAL;
>                 if (!policydb_role_isvalid(p, tr->role) ||
>                     !policydb_type_isvalid(p, tr->type) ||
>                     !policydb_class_isvalid(p, tr->tclass) ||
> -                   !policydb_role_isvalid(p, tr->new_role))
> +                   !policydb_role_isvalid(p, tr->new_role)) {
> +                       rc = -EINVAL;
>                         goto bad;
> +               }
> +
>                 ltr = tr;
>         }
>
> @@ -2425,10 +2430,12 @@ int policydb_read(struct policydb *p, void *fp)
>         nel = le32_to_cpu(buf[0]);
>         lra = NULL;
>         for (i = 0; i < nel; i++) {
> -               rc = -ENOMEM;
>                 ra = kzalloc(sizeof(*ra), GFP_KERNEL);
> -               if (!ra)
> +               if (!ra) {
> +                       rc = -ENOMEM;
>                         goto bad;
> +               }
> +
>                 if (lra)
>                         lra->next = ra;
>                 else
> @@ -2437,12 +2444,14 @@ int policydb_read(struct policydb *p, void *fp)
>                 if (rc)
>                         goto bad;
>
> -               rc = -EINVAL;
>                 ra->role = le32_to_cpu(buf[0]);
>                 ra->new_role = le32_to_cpu(buf[1]);
>                 if (!policydb_role_isvalid(p, ra->role) ||
> -                   !policydb_role_isvalid(p, ra->new_role))
> +                   !policydb_role_isvalid(p, ra->new_role)) {
> +                       rc = -EINVAL;
>                         goto bad;
> +               }
> +
>                 lra = ra;
>         }
>
> @@ -2454,11 +2463,12 @@ int policydb_read(struct policydb *p, void *fp)
>         if (rc)
>                 goto bad;
>
> -       rc = -EINVAL;
>         p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition");
>         p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition");
> -       if (!p->process_trans_perms)
> +       if (!p->process_trans_perms) {
> +               rc = -EINVAL;
>                 goto bad;
> +       }
>
>         rc = ocontext_read(p, info, fp);
>         if (rc)
> @@ -2472,12 +2482,13 @@ int policydb_read(struct policydb *p, void *fp)
>         if (rc)
>                 goto bad;
>
> -       rc = -ENOMEM;
>         p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap),
>                                                   p->p_types.nprim,
>                                                   GFP_KERNEL | __GFP_ZERO);
> -       if (!p->type_attr_map_array)
> +       if (!p->type_attr_map_array) {
> +               rc = -ENOMEM;
>                 goto bad;
> +       }
>
>         /* preallocate so we don't have to worry about the put ever failing */
>         rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim,
> --
> 2.11.0
>



-- 
paul moore
www.paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ