| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAPdGtUwDVtVi5fcHv4HM4GacS_MTaE6b0CxBu1arZS2NEMd1+g@mail.gmail.com>
Date: Sun, 5 Jan 2025 23:22:17 +0530
From: Tanya Agarwal <tanyaagarwal25699@...il.com>
To: Paul Moore <paul@...l-moore.com>
Cc: jmorris@...ei.org, serge@...lyn.com, kees@...nel.org,
yuehaibing@...wei.com, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, matthewgarrett@...gle.com,
skhan@...uxfoundation.org, anupnewsmail@...il.com
Subject: Re: [PATCH v3] lockdown: Initialize array before use
On Sun, Jan 5, 2025 at 11:18 PM Paul Moore <paul@...l-moore.com> wrote:
>
> On Jan 5, 2025 Tanya Agarwal <tanyaagarwal25699@...il.com> wrote:
> >
> > The static code analysis tool "Coverity Scan" pointed the following
> > details out for further development considerations:
> > CID 1486102: Uninitialized scalar variable (UNINIT)
> > uninit_use_in_call: Using uninitialized value *temp when calling
> > strlen.
> >
> > Conclusion:
> > Initialize array before use in lockdown_read() to satisfy the static
> > analyzer.
> >
> > Fixes: 000d388ed3bb ("security: Add a static lockdown policy LSM")
> > Signed-off-by: Tanya Agarwal <tanyaagarwal25699@...il.com>
>
> I removed the 'Fixes:' tag as the code isn't actually broken as we
> discussed in previous iterations of this patch. I also edited the
> subject line and commit description a bit, but otherwise this is
> fine. Merged into lsm/dev.
>
> --
> paul-moore.com
Thank you, Paul.
Regards,
Tanya
Powered by blists - more mailing lists