Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e2e0e097 authored by Gen Zhang's avatar Gen Zhang Committed by Paul Moore
Browse files

selinux: fix a missing-check bug in selinux_add_mnt_opt( ) 



In selinux_add_mnt_opt(), 'val' is allocated by kmemdup_nul(). It returns
NULL when fails. So 'val' should be checked. And 'mnt_opts' should be
freed when error.

Signed-off-by: default avatarGen Zhang <blackgod016574@gmail.com>
Fixes: 757cbe59 ("LSM: new method: ->sb_add_mnt_opt()")
Cc: <stable@vger.kernel.org>
[PM: fixed some indenting problems]
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent aff7ed48

security/selinux/hooks.c

+14 −5
Original line number Diff line number Diff line
@@ -1052,16 +1052,25 @@ static int selinux_add_mnt_opt(const char *option, const char *val, int len, 
	if (token == Opt_error)

		return -EINVAL;



	if (token != Opt_seclabel)

	if (token != Opt_seclabel) {

		val = kmemdup_nul(val, len, GFP_KERNEL);

		if (!val) {

			rc = -ENOMEM;

			goto free_opt;

		}

	}

	rc = selinux_add_opt(token, val, mnt_opts);

	if (unlikely(rc)) {

		kfree(val);

		goto free_opt;

	}

	return rc;



free_opt:

	if (*mnt_opts) {

		selinux_free_mnt_opts(*mnt_opts);

		*mnt_opts = NULL;

	}

	}

	return rc;

}