subject:"\[PATCH v2\] hooks\: fix a missing\-check bug in selinux_sb_eat_lsm

Re: [PATCH v2] hooks: fix a missing-check bug in selinux_sb_eat_lsm_opts()

2019-05-31 Thread Gen Zhang

On Fri, May 31, 2019 at 11:45:28AM -0400, Paul Moore wrote:
> On Thu, May 30, 2019 at 9:34 PM Gen Zhang  wrote:
> >
> > In selinux_sb_eat_lsm_opts(), 'arg' is allocated by kmemdup_nul(). It
> > returns NULL when fails. So 'arg' should be checked.
> >
> > Signed-off-by: Gen Zhang 
> > Reviewed-by: Ondrej Mosnacek 
> > Fixes: 99dbbb593fe6 ("selinux: rewrite selinux_sb_eat_lsm_opts()")
> 
> One quick note about the subject line, instead of using "hooks:" you
> should use "selinux:" since this is specific to SELinux.  If the patch
> did apply to the LSM framework as a whole, I would suggest using
> "lsm:" instead of "hooks:" as "hooks" is too ambiguous of a prefix.
> 
> > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> > index 3ec702c..5a9e959 100644
> > --- a/security/selinux/hooks.c
> > +++ b/security/selinux/hooks.c
> > @@ -2635,6 +2635,8 @@ static int selinux_sb_eat_lsm_opts(char *options, 
> > void **mnt_opts)
> > *q++ = c;
> > }
> > arg = kmemdup_nul(arg, q - arg, GFP_KERNEL);
> > +   if (!arg)
> > +   return -ENOMEM;
> 
> It seems like we should also check for, and potentially free *mnt_opts
> as the selinux_add_opt() error handling does just below this change,
> yes?  If that is the case we might want to move that error handling
> code to the bottom of the function and jump there on error.
> 
> > }
> > rc = selinux_add_opt(token, arg, mnt_opts);
> > if (unlikely(rc)) {
> 
> -- 
> paul moore
> www.paul-moore.com
Yes, I agree with that. And I will work on this to resubmit.

Thanks
Gen

Re: [PATCH v2] hooks: fix a missing-check bug in selinux_sb_eat_lsm_opts()

2019-05-31 Thread Paul Moore

On Thu, May 30, 2019 at 9:34 PM Gen Zhang  wrote:
>
> In selinux_sb_eat_lsm_opts(), 'arg' is allocated by kmemdup_nul(). It
> returns NULL when fails. So 'arg' should be checked.
>
> Signed-off-by: Gen Zhang 
> Reviewed-by: Ondrej Mosnacek 
> Fixes: 99dbbb593fe6 ("selinux: rewrite selinux_sb_eat_lsm_opts()")

One quick note about the subject line, instead of using "hooks:" you
should use "selinux:" since this is specific to SELinux.  If the patch
did apply to the LSM framework as a whole, I would suggest using
"lsm:" instead of "hooks:" as "hooks" is too ambiguous of a prefix.

> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 3ec702c..5a9e959 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -2635,6 +2635,8 @@ static int selinux_sb_eat_lsm_opts(char *options, void 
> **mnt_opts)
> *q++ = c;
> }
> arg = kmemdup_nul(arg, q - arg, GFP_KERNEL);
> +   if (!arg)
> +   return -ENOMEM;

It seems like we should also check for, and potentially free *mnt_opts
as the selinux_add_opt() error handling does just below this change,
yes?  If that is the case we might want to move that error handling
code to the bottom of the function and jump there on error.

> }
> rc = selinux_add_opt(token, arg, mnt_opts);
> if (unlikely(rc)) {

-- 
paul moore
www.paul-moore.com

[PATCH v2] hooks: fix a missing-check bug in selinux_sb_eat_lsm_opts()

2019-05-30 Thread Gen Zhang

In selinux_sb_eat_lsm_opts(), 'arg' is allocated by kmemdup_nul(). It
returns NULL when fails. So 'arg' should be checked.

Signed-off-by: Gen Zhang 
Reviewed-by: Ondrej Mosnacek 
Fixes: 99dbbb593fe6 ("selinux: rewrite selinux_sb_eat_lsm_opts()")
---
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3ec702c..5a9e959 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2635,6 +2635,8 @@ static int selinux_sb_eat_lsm_opts(char *options, void 
**mnt_opts)
*q++ = c;
}
arg = kmemdup_nul(arg, q - arg, GFP_KERNEL);
+   if (!arg)
+   return -ENOMEM;
}
rc = selinux_add_opt(token, arg, mnt_opts);
if (unlikely(rc)) {

Re: [PATCH v2] hooks: fix a missing-check bug in selinux_sb_eat_lsm_opts()

2019-05-30 Thread William Roberts

On Thu, May 30, 2019 at 4:52 AM Ondrej Mosnacek  wrote:
>
> On Thu, May 30, 2019 at 10:51 AM Gen Zhang  wrote:
> > In selinux_sb_eat_lsm_opts(), 'arg' is allocated by kmemdup_nul(). It
> > returns NULL when fails. So 'arg' should be checked.
> >
> > Signed-off-by: Gen Zhang 
> > Fixes: 99dbbb593fe6 ("selinux: rewrite selinux_sb_eat_lsm_opts()")
> > ---
> > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> > index 3ec702c..5a9e959 100644
> > --- a/security/selinux/hooks.c
> > +++ b/security/selinux/hooks.c
> > @@ -2635,6 +2635,8 @@ static int selinux_sb_eat_lsm_opts(char *options, 
> > void **mnt_opts)
> > *q++ = c;
> > }
> > arg = kmemdup_nul(arg, q - arg, GFP_KERNEL);
> > +   if (!arg)
> > +   return -ENOMEM;

Yeah -ENOMEM is correct here. Ack by me.

> > }
> > rc = selinux_add_opt(token, arg, mnt_opts);
> > if (unlikely(rc)) {
>
> Looking at the callers of security_sb_eat_lsm_opts() (which is the
> function that eventually calls the selinux_sb_eat_lsm_opts() hook),
> -ENOMEM should be appropriate here.
>
> Reviewed-by: Ondrej Mosnacek 
>
> --
> Ondrej Mosnacek 
> Software Engineer, Security Technologies
> Red Hat, Inc.

Re: [PATCH v2] hooks: fix a missing-check bug in selinux_sb_eat_lsm_opts()

2019-05-30 Thread Ondrej Mosnacek

On Thu, May 30, 2019 at 10:51 AM Gen Zhang  wrote:
> In selinux_sb_eat_lsm_opts(), 'arg' is allocated by kmemdup_nul(). It
> returns NULL when fails. So 'arg' should be checked.
>
> Signed-off-by: Gen Zhang 
> Fixes: 99dbbb593fe6 ("selinux: rewrite selinux_sb_eat_lsm_opts()")
> ---
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 3ec702c..5a9e959 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -2635,6 +2635,8 @@ static int selinux_sb_eat_lsm_opts(char *options, void 
> **mnt_opts)
> *q++ = c;
> }
> arg = kmemdup_nul(arg, q - arg, GFP_KERNEL);
> +   if (!arg)
> +   return -ENOMEM;
> }
> rc = selinux_add_opt(token, arg, mnt_opts);
> if (unlikely(rc)) {

Looking at the callers of security_sb_eat_lsm_opts() (which is the
function that eventually calls the selinux_sb_eat_lsm_opts() hook),
-ENOMEM should be appropriate here.

Reviewed-by: Ondrej Mosnacek 

-- 
Ondrej Mosnacek 
Software Engineer, Security Technologies
Red Hat, Inc.

[PATCH v2] hooks: fix a missing-check bug in selinux_sb_eat_lsm_opts()

2019-05-30 Thread Gen Zhang

In selinux_sb_eat_lsm_opts(), 'arg' is allocated by kmemdup_nul(). It
returns NULL when fails. So 'arg' should be checked.

Signed-off-by: Gen Zhang 
Fixes: 99dbbb593fe6 ("selinux: rewrite selinux_sb_eat_lsm_opts()")
---
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3ec702c..5a9e959 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2635,6 +2635,8 @@ static int selinux_sb_eat_lsm_opts(char *options, void 
**mnt_opts)
*q++ = c;
}
arg = kmemdup_nul(arg, q - arg, GFP_KERNEL);
+   if (!arg)
+   return -ENOMEM;
}
rc = selinux_add_opt(token, arg, mnt_opts);
if (unlikely(rc)) {

Re: [PATCH v2] hooks: fix a missing-check bug in selinux_sb_eat_lsm_opts()

Re: [PATCH v2] hooks: fix a missing-check bug in selinux_sb_eat_lsm_opts()

[PATCH v2] hooks: fix a missing-check bug in selinux_sb_eat_lsm_opts()

Re: [PATCH v2] hooks: fix a missing-check bug in selinux_sb_eat_lsm_opts()

Re: [PATCH v2] hooks: fix a missing-check bug in selinux_sb_eat_lsm_opts()

[PATCH v2] hooks: fix a missing-check bug in selinux_sb_eat_lsm_opts()

6 matches

Site Navigation

Mail list logo

Footer information