summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOndrej Mosnacek <omosnace@redhat.com>2021-05-12 17:32:10 +0300
committerPaul Moore <paul@paul-moore.com>2021-05-14 23:38:19 +0300
commit869cbeef18e5c4370157e733b947d44f37441ea9 (patch)
treefb5bed2397fc5a90fdd06d6ae4c182b6b7f0afa1
parentfd781f459b60522f9fbfa1e125f122cf86d4a45b (diff)
downloadlinux-869cbeef18e5c4370157e733b947d44f37441ea9.tar.xz
lsm_audit,selinux: pass IB device name by reference
While trying to address a Coverity warning that the dev_name string might end up unterminated when strcpy'ing it in selinux_ib_endport_manage_subnet(), I realized that it is possible (and simpler) to just pass the dev_name pointer directly, rather than copying the string to a buffer. The ibendport variable goes out of scope at the end of the function anyway, so the lifetime of the dev_name pointer will never be shorter than that of ibendport, thus we can safely just pass the dev_name pointer and be done with it. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Acked-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r--include/linux/lsm_audit.h8
-rw-r--r--security/selinux/hooks.c2
2 files changed, 5 insertions, 5 deletions
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index cd23355d2271..17d02eda9538 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -48,13 +48,13 @@ struct lsm_ioctlop_audit {
};
struct lsm_ibpkey_audit {
- u64 subnet_prefix;
- u16 pkey;
+ u64 subnet_prefix;
+ u16 pkey;
};
struct lsm_ibendport_audit {
- char dev_name[IB_DEVICE_NAME_MAX];
- u8 port;
+ const char *dev_name;
+ u8 port;
};
/* Auxiliary data to use in generating the audit record. */
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index eaea837d89d1..fc6a3ab7e179 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6850,7 +6850,7 @@ static int selinux_ib_endport_manage_subnet(void *ib_sec, const char *dev_name,
return err;
ad.type = LSM_AUDIT_DATA_IBENDPORT;
- strncpy(ibendport.dev_name, dev_name, sizeof(ibendport.dev_name));
+ ibendport.dev_name = dev_name;
ibendport.port = port_num;
ad.u.ibendport = &ibendport;
return avc_has_perm(&selinux_state,