apparmor: fix '*seclen' is never less than zero

[linux.git] / security / apparmor / secid.c

diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c
index 502924853986853af9f78530a43be37e761b99f1..c2f0c157115636545737baed0521cd4186aa508b 100644 (file)
--- a/security/apparmor/secid.c
+++ b/security/apparmor/secid.c
@@ -142,6 +142,7 @@ int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 {
        /* TODO: cache secctx and ref count so we don't have to recreate */
        struct aa_label *label = aa_secid_to_label(secid);
+       int len;
 
        AA_BUG(!secdata);
        AA_BUG(!seclen);
@@ -150,18 +151,19 @@ int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
                return -EINVAL;
 
        if (secdata)
-               *seclen = aa_label_asxprint(secdata, root_ns, label,
-                                           FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
-                                           FLAG_HIDDEN_UNCONFINED |
-                                           FLAG_ABS_ROOT, GFP_ATOMIC);
+               len = aa_label_asxprint(secdata, root_ns, label,
+                                       FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
+                                       FLAG_HIDDEN_UNCONFINED | FLAG_ABS_ROOT,
+                                       GFP_ATOMIC);
        else
-               *seclen = aa_label_snxprint(NULL, 0, root_ns, label,
-                                           FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
-                                           FLAG_HIDDEN_UNCONFINED |
-                                           FLAG_ABS_ROOT);
-       if (*seclen < 0)
+               len = aa_label_snxprint(NULL, 0, root_ns, label,
+                                       FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
+                                       FLAG_HIDDEN_UNCONFINED | FLAG_ABS_ROOT);
+       if (len < 0)
                return -ENOMEM;
 
+       *seclen = len;
+
        return 0;
 }