Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp7845953ybi; Thu, 6 Jun 2019 02:26:16 -0700 (PDT) X-Google-Smtp-Source: APXvYqwFZIFEhZPGDxb+67HzCFhYyVRoB2suNnwuOXrdBvY8QeE5WGJF7WOAtM2mj9z8d6jtx0oM X-Received: by 2002:a17:90a:cd03:: with SMTP id d3mr48074622pju.127.1559813176131; Thu, 06 Jun 2019 02:26:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559813176; cv=none; d=google.com; s=arc-20160816; b=C9B8LlGPEhlXS7DH2eIKPvjtGZn9iVd9D5eUrv9gEMFqA2xslKjji8alupK63Aj/ds xlToq8nSV8/ARQ0s8JjmQqhqyAwaE+YnA5E+mg3lEffD4J7aev2PDvmcMpPX3QUsS5cR oIOcvYmDvhpxilF2yMBuiFBPIxh1mEWagKHsbt6c90kEv0HFVgdZFMauUiKaUqQkX89v AHsknPlnaaQR3GNZFTB6936FJ1541vNOjPOvIRB4DoU8FYXMuKb3ClvhU8hnyhZI6uwm s9qzCwrt+gJNDjJl3C2amrKm9yuuWzxVbV7t/KvUY3B+lLzq5teCb7qjnhM5ADQDatbZ SubQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:content-disposition :mime-version:message-id:subject:cc:to:from:date:dkim-signature; bh=O+5z4ntuwugi22GIdYLSWkg/2i3n1YVE12LtK518dm8=; b=za43KuUIUPfnyR9KRVFUNG+57M/BtH6VyQKkuE15noKv9WTN0ak0v0Wb4g4nYQx4cO iBATpavNSIRa/UZIJ2Tr94PqoJ5Do9VZzBIQUybuFXsZexLzqJ50mvlDtJ0BEue39Okh pHXIFem5aX2DW4oFC7zxQ00oNK5fjWHlACMkc+R0hOL7Opev6bvmzsxmXgm1yjWgcirD HoJ/W/0NaYAp9qYGTudVE0dAQ63+pxyBeet7QdF87gOKlfJc7Br31lnvtvbbo9uHVKOT u6uzE+vmKRodlSSzRxL3oIKpPV80RxcD+w7jK+fo3V35a0uGXWiKd6usz/53r+x+/PUP bMyQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=gankvxH1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y19si1550800pgi.587.2019.06.06.02.25.59; Thu, 06 Jun 2019 02:26:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=gankvxH1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727824AbfFFJXv (ORCPT + 99 others); Thu, 6 Jun 2019 05:23:51 -0400 Received: from mail-wm1-f68.google.com ([209.85.128.68]:50708 "EHLO mail-wm1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727540AbfFFJXv (ORCPT ); Thu, 6 Jun 2019 05:23:51 -0400 Received: by mail-wm1-f68.google.com with SMTP id f204so1660170wme.0; Thu, 06 Jun 2019 02:23:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=O+5z4ntuwugi22GIdYLSWkg/2i3n1YVE12LtK518dm8=; b=gankvxH1paBk1TRo7A5ugeSx/VRzXtByYA1W8dgck+dsa+6pJ6fRxRHqv5xdbiHFHJ 7DLrn0B+QLGVSU/AOqHMIb5uEIC/V+j6XmLwz4B0RjMBd+7O9xZnntLqXcqs/xcU3T+5 CmcCWckQPPo2btsqDg7gSw/JMbXAbj0oG5RQySMalFcsdNHDknJx7MGCftkCMpSF8q4u door876VMoxYlFaMY5PUPaUPenwE2a1I5Of32r4jPVPk0W9+AE/gbZUK6e3la+vwni/Y CuCt39RV/qvPLVQEMd5VGOaLrcK0N2K+f7eG/2N6rHYqN75fuKEkhRb51qSy+PJM9mXy czGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=O+5z4ntuwugi22GIdYLSWkg/2i3n1YVE12LtK518dm8=; b=SPsCD2sFGGzi8VGa6G2dzUCN0evjrjsVXPkTvoi4nJRiGdfGpu+4MU13C7sxtgYFRg MKI20rbhx/cDc+ppwR9l6tVkHLi7rUNX4MLIu6SankkXxfuMqQJev2IidTIPeIzcI32w GRN6byIS2beSqu9PSc8R1HxX2/8DwgrFh8vZo9fSxeQwIfqidh02bruQu9dAMe+uBTSY YK9Ca68sQXd2zzrH1k+Co0yTlm5B5zDqGkiuiCslYGubFGROR2uXexyOGanA0mNInGgH ocWvKCGh88IxF50USY+JhwBtwnTDwCUHC/vYPdrHmA9YNHnDv13JVIaVgWH4O8o78EN4 xLUA== X-Gm-Message-State: APjAAAXJSEmgvBJMz8rrvg9BzfYL7fBVjn65lmSUYLjckqmNM7QRWaNa mjBU2g9wqF5c3fH2By7xCAM= X-Received: by 2002:a1c:c74a:: with SMTP id x71mr25796918wmf.121.1559813029331; Thu, 06 Jun 2019 02:23:49 -0700 (PDT) Received: from zhanggen-UX430UQ ([108.61.173.19]) by smtp.gmail.com with ESMTPSA id j15sm1300940wrn.50.2019.06.06.02.23.46 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 06 Jun 2019 02:23:48 -0700 (PDT) Date: Thu, 6 Jun 2019 17:23:42 +0800 From: Gen Zhang To: paul@paul-moore.com, sds@tycho.nsa.gov, eparis@parisplace.org Cc: selinux@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3] selinux: lsm: fix a missing-check bug in selinux_add_mnt_opt( ) Message-ID: <20190606092342.GA21672@zhanggen-UX430UQ> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In selinux_add_mnt_opt(), 'val' is allocated by kmemdup_nul(). It returns NULL when fails. So 'val' should be checked. And 'mnt_opts' should be freed when error. Signed-off-by: Gen Zhang Fixes: 757cbe597fe8 ("LSM: new method: ->sb_add_mnt_opt()") --- diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3ec702c..4e4c1c6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1052,15 +1052,23 @@ static int selinux_add_mnt_opt(const char *option, const char *val, int len, if (token == Opt_error) return -EINVAL; - if (token != Opt_seclabel) - val = kmemdup_nul(val, len, GFP_KERNEL); + if (token != Opt_seclabel) { + val = kmemdup_nul(val, len, GFP_KERNEL); + if (!val) { + rc = -ENOMEM; + goto free_opt; + } + } rc = selinux_add_opt(token, val, mnt_opts); if (unlikely(rc)) { kfree(val); - if (*mnt_opts) { - selinux_free_mnt_opts(*mnt_opts); - *mnt_opts = NULL; - } + goto free_opt; + } + return rc; +free_opt: + if (*mnt_opts) { + selinux_free_mnt_opts(*mnt_opts); + *mnt_opts = NULL; } return rc; }