** Changed in: linux (Ubuntu Noble)
Status: Confirmed => In Progress
** Description changed:
- Below code is failing while compiling with clang:
+ SRU Justification
+
+ [Impact]
+ In ctnetlink_secctx_size() from net/netfilter/nf_conntrack_netlink.c,
+ `len` is used uninitialized, triggering the following warning when
+ compiling with Clang:
+
+ net/netfilter/nf_conntrack_netlink.c:674:41: warning: variable 'len' is
uninitialized when used here [-Wuninitialized]
+ 674 | + nla_total_size(sizeof(char) * len); /*
CTA_SECCTX_NAME */
+ | ^~~
+ net/netfilter/nf_conntrack_netlink.c:667:9: note: initialize the variable
'len' to silence this warning
+ 667 | int len, ret;
+ | ^
+ | = 0
+
+ [Fix]
+ Match mainline commit 2d470c778120 ("lsm: replace context+len with
lsm_context").
+
+ [Test Plan]
+ Compile with Clang, check the warning is gone and no other warning has been
triggered.
+
+ [Where problems could occur]
+ This patch touches bits of the netlink interface for nf_conntrack. However,
+ it addresses a clear mistake in the current implementation, so no issues
+ should be introduced.
+
+
+ ---------------------------- Original bug report ----------------------------
+
+ Below code is failing while compiling with clang:
static inline int ctnetlink_secctx_size(const struct nf_conn *ct)
{
#ifdef CONFIG_NF_CONNTRACK_SECMARK
- int len, ret;
- ^^^ <-- len is not initialized before use
+ int len, ret;
+ ^^^ <-- len is not initialized before use
- ret = security_secid_to_secctx(ct->secmark, NULL);
- if (ret < 0)
- return 0;
+ ret = security_secid_to_secctx(ct->secmark, NULL);
+ if (ret < 0)
+ return 0;
- return nla_total_size(0) /* CTA_SECCTX */
- + nla_total_size(sizeof(char) * len); /* CTA_SECCTX_NAME */
- ^^^ <-- len has not been
initialized
+ return nla_total_size(0) /* CTA_SECCTX */
+ + nla_total_size(sizeof(char) * len); /* CTA_SECCTX_NAME */
+ ^^^ <-- len has not been
initialized
#else
- return 0;
+ return 0;
#endif
}
Looking into git history I realized that there an incomplete commit of
2d470c778120d3cdb8d8ab250329ca85f49f12b1 (lsm: replace context+len with
lsm_context) causing it:
commit c45f92d3c95e9a242c0b22e2f7f24e4f319391dd
Author: Casey Schaufler <[email protected]>
Date: Tue Dec 12 14:21:57 2023 -0800
- UBUNTU: SAUCE: apparmor4.0.0 [17/90]: LSM stacking v39: LSM: Use
+ UBUNTU: SAUCE: apparmor4.0.0 [17/90]: LSM stacking v39: LSM: Use
lsmcontext in security_secid_to_secctx
- BugLink: http://bugs.launchpad.net/bugs/2028253
+ BugLink: http://bugs.launchpad.net/bugs/2028253
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2120561
Title:
Fix compilation failure because of incomplete backport
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2120561/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
