We don't need to crash the machine in these cases. Let's just detect the
buggy state early and error out with a warning.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
return;
}
- BUG_ON(!sad->tclass || sad->tclass >= ARRAY_SIZE(secclass_map));
perms = secclass_map[sad->tclass-1].perms;
audit_log_string(ab, " {");
kfree(scontext);
}
- BUG_ON(!sad->tclass || sad->tclass >= ARRAY_SIZE(secclass_map));
audit_log_format(ab, " tclass=%s", secclass_map[sad->tclass-1].name);
if (sad->denied)
struct common_audit_data stack_data;
struct selinux_audit_data sad;
+ if (WARN_ON(!tclass || tclass >= ARRAY_SIZE(secclass_map)))
+ return -EINVAL;
+
if (!a) {
a = &stack_data;
a->type = LSM_AUDIT_DATA_NONE;