[PATCH v6 5/7] common: bootm: add policy to commandline
Ahmad Fatoum
a.fatoum at pengutronix.de
Tue Mar 24 07:34:42 PDT 2026
Hello,
On 3/24/26 10:52 AM, Fabian Pflug wrote:
> + if (IS_ENABLED(CONFIG_SECURITY_POLICY) && bootm_data->provide_policy) {
> + char *policy_bootargs;
> + const struct security_policy *active_policy = security_policy_get_active();
if active_policy is set to NULL here
> +
> + if (active_policy && !active_policy->name) {
This is skipped
> + pr_err("Providing policy is enabled but policy has no name\n");
> + ret = -EINVAL;
> + goto err_out;
> + }
> +
> + policy_bootargs = basprintf("barebox.security.policy=%s", active_policy->name);
and here you have a NULL pointer dereference.
Instead you likely want to have
if (!active_policy || !active_policy->name)
Although, I find the active_policy->name check unnecessary as there is
always a name, because sconfigpost always emits one.
Cheers,
Ahmad
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list