From b069c2a3f2b083940d78fd535b6aa83dbc6eea16 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Fri, 6 Dec 2019 15:04:51 +0100 Subject: [PATCH] shared/seccomp: avoid possibly writing bogus errno code in debug log CID 1409488. This code was added in 903659e7b242c3cc897e32835f1918d380b24e5f. The change that is done here is a simple fix to avoid use of a unitialized/wrongly-initialized variable, but the bigger issue is that nothing looks at the returned result to distinguish between 0 and a positive return value. --- src/shared/seccomp-util.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c index 6d42b2d5734..eeca17f3412 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -1583,12 +1583,11 @@ assert_cc(SCMP_SYS(shmdt) > 0); int seccomp_memory_deny_write_execute(void) { uint32_t arch; - int r; - int loaded = 0; + unsigned loaded = 0; SECCOMP_FOREACH_LOCAL_ARCH(arch) { _cleanup_(seccomp_releasep) scmp_filter_ctx seccomp = NULL; - int filter_syscall = 0, block_syscall = 0, shmat_syscall = 0; + int filter_syscall = 0, block_syscall = 0, shmat_syscall = 0, r; log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch)); @@ -1678,12 +1677,13 @@ int seccomp_memory_deny_write_execute(void) { if (ERRNO_IS_SECCOMP_FATAL(r)) return r; if (r < 0) - log_debug_errno(r, "Failed to install MemoryDenyWriteExecute= rule for architecture %s, skipping: %m", seccomp_arch_to_string(arch)); + log_debug_errno(r, "Failed to install MemoryDenyWriteExecute= rule for architecture %s, skipping: %m", + seccomp_arch_to_string(arch)); loaded++; } if (loaded == 0) - log_debug_errno(r, "Failed to install any seccomp rules for MemoryDenyWriteExecute="); + log_debug("Failed to install any seccomp rules for MemoryDenyWriteExecute=."); return loaded; } -- 2.47.3