From: Paul Moore
Date: Mon, 30 Jul 2018 19:04:18 -0400
Subject: Re: [PATCH v2] audit: fix potential null dereference 'context->module.name'
To: wang.yi59@zte.com.cn
Cc: Eric Paris, linux-audit@redhat.com, linux-kernel@vger.kernel.org, jiang.biao2@zte.com.cn, zhong.weidong@zte.com.cn

On Tue, Jul 24, 2018 at 10:28 PM Yi Wang wrote:
> The variable 'context->module.name' may be null pointer when
> kmalloc return null, so it's better to check it before using
> to avoid null dereference.
> Another one more thing this patch does is using kstrdup instead
> of (kmalloc + strcpy), and signal a lost record via audit_log_lost.
>
> Signed-off-by: Yi Wang
> Reviewed-by: Jiang Biao
> ---
> v2: use kstrdup instead of kmalloc + strcpy, and signal a lost
> record. Thanks to Eric and Paul.
>
> kernel/auditsc.c | 13 +++++++++----
> 1 file changed, 9 insertions(+), 4 deletions(-)

Thanks, this looks good to me. I'm also going to tag this for -stable. I'm building a test kernel right now and if all goes well I'll send this up to Linus for v4.18; if he doesn't pull it for v4.18 I'll add this to the audit/next branch.

> diff --git a/kernel/auditsc.c b/kernel/auditsc.c > index e80459f..713386a 100644 > --- a/kernel/auditsc.c > +++ b/kernel/auditsc.c > @@ -1272,8 +1272,12 @@ static void show_special(struct audit_context *context, int *call_panic) > break; > case AUDIT_KERN_MODULE: > audit_log_format(ab, "name="); > - audit_log_untrustedstring(ab, context->module.name); > - kfree(context->module.name); > + if (context->module.name) { > + audit_log_untrustedstring(ab, context->module.name); > + kfree(context->module.name); > + } else > + audit_log_format(ab, "(null)"); > + > break; > } > audit_log_end(ab); > @@ -2408,8 +2412,9 @@ void __audit_log_kern_module(char *name) > { > struct audit_context *context = current->audit_context; > > - context->module.name = kmalloc(strlen(name) + 1, GFP_KERNEL); > - strcpy(context->module.name, name); > + context->module.name = kstrdup(name, GFP_KERNEL); > + if (!context->module.name) > + audit_log_lost("out of memory in __audit_log_kern_module"); > context->type = AUDIT_KERN_MODULE; > } > > -- > 1.8.3.1 > -- paul moore www.paul-moore.com
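
Review bot: in the AUDIT_KERN_MODULE case of show_special(), the new if/else puts braces on the if branch only; kernel coding style asks for braces on both branches when either one needs them, and the blank line added before break can be dropped. It would also be worth setting context->module.name = NULL right after the kfree(), so the NULL test introduced here cannot be satisfied by a stale pointer if the same audit_context is walked again.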
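
Review bot: in __audit_log_kern_module(), the kstrdup() failure path calls audit_log_lost() but then falls through to context->type = AUDIT_KERN_MODULE, so the same event is counted as lost and still emitted later as name=(null) by show_special(). If both are intended, a one-line comment above the assignment saying so would save the next reader from assuming a missing return; if not, return after audit_log_lost() and leave context->type untouched.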