crtxcr/exile.h
1
0
Fork 0
Code Issues 14 Pull Requests 1 Releases Wiki Activity

landlock_prepare_ruleset(): zero-init landlock structs

Browse Source 
'landlock_ruleset_attr' used to only have a single member. Meanwhile,
depending on linux/headers version, others may be present. So zero-init
the struct, as otherwise we might get 'Invalid argument' return codes,
as those we do not explicitly initialize might contain garbage values.
This commit is contained in:
Albert S. 2024-05-24 13:25:01 +02:00
parent 44b9a17bec
commit 4059c1a093
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
exile.c
View File

@ -1307,7 +1307,7 @@ static unsigned int exile_flags_to_landlock(unsigned int flags, int statmode)
static int landlock_prepare_ruleset(struct exile_path_policy *policies)
{
int ruleset_fd = -1;
struct landlock_ruleset_attr ruleset_attr;
struct landlock_ruleset_attr ruleset_attr = {0};
/* We here want the maximum possible ruleset, so set the var to the max possible bitmask.
Stolen/Adapted from: [linux src]/security/landlock/limits.h
*/
@ -1322,7 +1322,7 @@ static int landlock_prepare_ruleset(struct exile_path_policy *policies)
struct exile_path_policy *policy = policies;
while(policy != NULL)
{
struct landlock_path_beneath_attr path_beneath;
struct landlock_path_beneath_attr path_beneath = {0};
path_beneath.parent_fd = open(policy->path, O_PATH | O_CLOEXEC);
if(path_beneath.parent_fd < 0)
{