lsm: don't crash with "undefined" profile in images

If the profile is "undefined" render_lsm_profile doesn't render anything, since there is no need to set a profile. We shouldn't crash in this case. We never hit this bug because we are careful not to put an "undefined" profile into the images. But, if someone else edits the images, we shouldn't crash on restore because of that. Closes #110 Reported-by: Coverity Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>

lsm: don't crash with "undefined" profile in images
If the profile is "undefined" render_lsm_profile doesn't render anything, since there is no need to set a profile. We shouldn't crash in this case. We never hit this bug because we are careful not to put an "undefined" profile into the images. But, if someone else edits the images, we shouldn't crash on restore because of that. Closes #110 Reported-by: Coverity Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
5219c5a3 · Tycho Andersen · Pavel Emelyanov · 7c4a37f5 · 5219c5a3
Commit 5219c5a3 authored Feb 08, 2016 by Tycho Andersen Committed by Pavel Emelyanov Feb 08, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 4 deletions

cr-restore.c cr-restore.c +5 -4

No files found.
--- a/cr-restore.c
+++ b/cr-restore.c
@@ -2830,13 +2830,14 @@ rst_prep_creds_args(CredsEntry *ce, unsigned long *prev_pos)
 		if (validate_lsm(profile) < 0)
 			return ERR_PTR(-EINVAL);

-		if (profile) {
+		if (profile && render_lsm_profile(profile, &rendered)) {
+			return ERR_PTR(-EINVAL);
+		}
+
+		if (rendered) {
 			size_t lsm_profile_len;
 			char *lsm_profile;

-			if (render_lsm_profile(profile, &rendered))
-				return ERR_PTR(-EINVAL);
-
 			args->mem_lsm_profile_pos = rst_mem_cpos(RM_PRIVATE);
 			lsm_profile_len = strlen(rendered);
 			lsm_profile = rst_mem_alloc(lsm_profile_len + 1, RM_PRIVATE);