Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bf0edf39 authored by Paul Moore's avatar Paul Moore Committed by David S. Miller
Browse files

NetLabel: better error handling involving mls_export_cat() 



Upon inspection it looked like the error handling for mls_export_cat() was
rather poor.  This patch addresses this by NULL'ing out kfree()'d pointers
before returning and checking the return value of the function everywhere
it is called.

Signed-off-by: default avatarPaul Moore <paul.moore@hp.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 044a68ed

security/selinux/ss/ebitmap.c

+6 −2
Original line number Diff line number Diff line
@@ -93,11 +93,15 @@ int ebitmap_export(const struct ebitmap *src, 
	size_t bitmap_byte;

	unsigned char bitmask;



	if (src->highbit == 0) {

		*dst = NULL;

		*dst_len = 0;

		return 0;

	}



	bitmap_len = src->highbit / 8;

	if (src->highbit % 7)

		bitmap_len += 1;

	if (bitmap_len == 0)

		return -EINVAL;



	bitmap = kzalloc((bitmap_len & ~(sizeof(MAPTYPE) - 1)) +

			 sizeof(MAPTYPE),

security/selinux/ss/mls.c

+14 −3
Original line number Diff line number Diff line
@@ -640,8 +640,13 @@ int mls_export_cat(const struct context *context, 
{

	int rc = -EPERM;



	if (!selinux_mls_enabled)

	if (!selinux_mls_enabled) {

		*low = NULL;

		*low_len = 0;

		*high = NULL;

		*high_len = 0;

		return 0;

	}



	if (low != NULL) {

		rc = ebitmap_export(&context->range.level[0].cat,
@@ -661,10 +666,16 @@ int mls_export_cat(const struct context *context, 
	return 0;



export_cat_failure:

	if (low != NULL)

	if (low != NULL) {

		kfree(*low);

	if (high != NULL)

		*low = NULL;

		*low_len = 0;

	}

	if (high != NULL) {

		kfree(*high);

		*high = NULL;

		*high_len = 0;

	}

	return rc;

}

security/selinux/ss/services.c

+10 −8
Original line number Diff line number Diff line
@@ -2399,31 +2399,33 @@ static int selinux_netlbl_socket_setsid(struct socket *sock, u32 sid) 
	if (!ss_initialized)

		return 0;



	netlbl_secattr_init(&secattr);



	POLICY_RDLOCK;



	ctx = sidtab_search(&sidtab, sid);

	if (ctx == NULL)

		goto netlbl_socket_setsid_return;



	netlbl_secattr_init(&secattr);

	secattr.domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],

				 GFP_ATOMIC);

	mls_export_lvl(ctx, &secattr.mls_lvl, NULL);

	secattr.mls_lvl_vld = 1;

	mls_export_cat(ctx,

	rc = mls_export_cat(ctx,

			    &secattr.mls_cat,

			    &secattr.mls_cat_len,

			    NULL,

			    NULL);

	if (rc != 0)

		goto netlbl_socket_setsid_return;



	rc = netlbl_socket_setattr(sock, &secattr);

	if (rc == 0)

		sksec->nlbl_state = NLBL_LABELED;



	netlbl_secattr_destroy(&secattr);



netlbl_socket_setsid_return:

	POLICY_RDUNLOCK;

	netlbl_secattr_destroy(&secattr);

	return rc;

}