Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp6701imm; Tue, 24 Jul 2018 12:57:41 -0700 (PDT) X-Google-Smtp-Source: AAOMgpc9WAQZbE5ncp8iWuPwFKIZNJPMwE56H7GPJUVRY+Olj4dSCGv8hXrr7KIp1uZS5EhL1ocD X-Received: by 2002:a63:e355:: with SMTP id o21-v6mr17950151pgj.251.1532462261588; Tue, 24 Jul 2018 12:57:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532462261; cv=none; d=google.com; s=arc-20160816; b=vYV28D3o+rAEqeZ4793wjH2lrBhFncH2bE2Wpq1RVWPa52zxrsvW18LyGvm3WL7eZO 053OFwLpumL51ZC2C2sHFt8CcTu3KdWuj/bDL4FuD8HlV+gllp08SKU894zsox6Qy1jf HxW3IfimUPTnFzzs+xTHyMmdhERlejhSWZhNGB2OqftUAD1UN7RaCZ66JCovoQUx+/9K PBxD98Jl/d1GVPHTO+pDjsVd4xJwtL3yeJ5b6MGOcHh+bc4R4G36ARooRpbnck+PnYl4 RoTkdFBPV7k/7QCNE8Bcv8W2R0WRXFixfjfqjUAX/LKOseq4SC+78uU6KpS2GJF12U/S 3FLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=eE8nwzTxFQR1H/VDYi57q7ALnBHLGOMnmP2dh5LlHSk=; b=EP6xLFS3b0U4m9KILN40hm84u0egEqVNJ8XK619ILNZJRw/hpHYKCaOr87Hb6un1E5 fxW2RGcu9xxwZzCkf4gLlu9HM6wp4vPMy/EbUcCwKQs3eK0yyTMgkNlG3A9UAykHiLAo JPBcsZQJ5uxPdViZ9QXdqy5CbNRIDGEo3xnFmh3D8KEqzNgZnigzGNqwy/4XJ+hCDGZ4 OvlnIsHB+B7O3bPkBIhPRH9DbKcv6c6lFdipE4aanjzQG1VFfjXRWd+o3qyZHDxeeZTb XOgxVdLd4KYUUejvX66pLrkAKNpW5x7tLPWbwFO4MxMjQCfXp8fPljYT0X+we9k03ocY zXCw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=0Ifayw1R; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 23-v6si12424625pge.589.2018.07.24.12.57.26; Tue, 24 Jul 2018 12:57:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=0Ifayw1R; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388663AbeGXVEK (ORCPT + 99 others); Tue, 24 Jul 2018 17:04:10 -0400 Received: from mail-lj1-f195.google.com ([209.85.208.195]:35743 "EHLO mail-lj1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2388607AbeGXVEK (ORCPT ); Tue, 24 Jul 2018 17:04:10 -0400 Received: by mail-lj1-f195.google.com with SMTP id p10-v6so4652075ljg.2 for ; Tue, 24 Jul 2018 12:56:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=eE8nwzTxFQR1H/VDYi57q7ALnBHLGOMnmP2dh5LlHSk=; b=0Ifayw1RHQiS98hk5aD7t1jgg3McxSxUHwozS0FszLIPGi5bOctlOFSFGxI2asHIcp 2+bzQcURNwcJiNjswfiAhZ0wEt3IZxC5tkIZ5it5dik4Fvdf5PZYBIs0EDWW53pQLYqh kxMXiubJWew1WhyEOGAg+G3C4vKFEKowWyLwdfN4S/PDFXRGUPfAsT60PRGzbN9EXho5 Sil5X2BZW+84zm3S139ZsHyrH2CCpAVzL7mitvl2N/biicjzRO+71tXrH9kd6YMijNia kYtk9VxRUPMffccqeQsbf7mBYKhXzhynkK2RFfqLevD+u8ielgcgASvALl8ITMDz8EJ4 qz/g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=eE8nwzTxFQR1H/VDYi57q7ALnBHLGOMnmP2dh5LlHSk=; b=QmVgRRMGaHjYAprreCn73ifcDel27RTEpvnyqqkD8ap1pWUdhvpmjLwpvHxdB0d15q I5ih4hHvCvex4+AJTW9ZhCrhKFmuOu2rPvwCX3rbkocE9ngwj1vu1PHtAOxZJJdjXNHY JqF1+86l+akidDhRQTdPMftAKZmvuhWcofjorNtVoaTFl71ot1reAHAGdyG6jO+uw55n qehIuOOMQVS6szNOaIMQQV2ImsbqvKP3fh2ry+zuTZ8hUtEjatSy55M+czrYtBJOPVUS 8Brcyl4EkoxhuKY7sUvNhMjoqe3WCtsYe+SxMgM/BwXocNoiaVJRvM0LoebpZXpLnJfL 8cCg== X-Gm-Message-State: AOUpUlHGxEC6SDDGHWmGTiRfqc+NxuSmQdQG5GYwIqS8jW9l1kTmzdeA kjBYGxtMXAH+AkaUb/1/rxJQkUtlAOujTYtKmS6/ X-Received: by 2002:a2e:8807:: with SMTP id x7-v6mr12779366ljh.98.1532462166405; Tue, 24 Jul 2018 12:56:06 -0700 (PDT) MIME-Version: 1.0 References: <1532411834-33775-1-git-send-email-wang.yi59@zte.com.cn> <450ab68cc6b7cebbf1b6292e3140932ea1ac9e57.camel@redhat.com> In-Reply-To: <450ab68cc6b7cebbf1b6292e3140932ea1ac9e57.camel@redhat.com> From: Paul Moore Date: Tue, 24 Jul 2018 15:55:55 -0400 Message-ID: Subject: Re: [PATCH] audit: fix potential null dereference 'context->module.name' To: Eric Paris , wang.yi59@zte.com.cn Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org, jiang.biao2@zte.com.cn, zhong.weidong@zte.com.cn Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 24, 2018 at 7:39 AM Eric Paris wrote: > Would it make more sense to actually check for failure on allocation > rather than try to remember to deal with it later? How about we just > have audit_log_kern_module return an error and fail if we are OOM? Generally I agree, checking on allocation is the right thing to do. However, in this particular case the error recovery for a failed allocation would likely ignore the record entirely, and I think a module load record with a "(null)" module name is still better than no module load record at all ... and yes, I understand that if the module name allocation fails there is a good chance other allocations will fail and we might not emit the record, but I'll take my chances that the load is transient and the system is able to recover in a timely manner. > (also this seems like a good place to use kstrdup, instead of > kmalloc+strcpy) Yes, I agree. Yi Wang, could you submit a v2 of this patch using kstrdup()? > On Tue, 2018-07-24 at 13:57 +0800, Yi Wang wrote: > > The variable 'context->module.name' may be null pointer when > > kmalloc return null, so it's better to check it before using > > to avoid null dereference. > > > > Signed-off-by: Yi Wang > > Reviewed-by: Jiang Biao > > --- > > kernel/auditsc.c | 11 ++++++++--- > > 1 file changed, 8 insertions(+), 3 deletions(-) > > > > diff --git a/kernel/auditsc.c b/kernel/auditsc.c > > index e80459f..4830b83 100644 > > --- a/kernel/auditsc.c > > +++ b/kernel/auditsc.c > > @@ -1272,8 +1272,12 @@ static void show_special(struct audit_context > > *context, int *call_panic) > > break; > > case AUDIT_KERN_MODULE: > > audit_log_format(ab, "name="); > > - audit_log_untrustedstring(ab, context->module.name); > > - kfree(context->module.name); > > + if (context->module.name) { > > + audit_log_untrustedstring(ab, context- > > >module.name); > > + kfree(context->module.name); > > + } else > > + audit_log_format(ab, "(null)"); > > + > > break; > > } > > audit_log_end(ab); > > @@ -2409,7 +2413,8 @@ void __audit_log_kern_module(char *name) > > struct audit_context *context = current->audit_context; > > > > context->module.name = kmalloc(strlen(name) + 1, GFP_KERNEL); > > - strcpy(context->module.name, name); > > + if (context->module.name) > > + strcpy(context->module.name, name); > > context->type = AUDIT_KERN_MODULE; > > } > > -- paul moore www.paul-moore.com