Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp9036932ybi; Fri, 7 Jun 2019 02:28:31 -0700 (PDT) X-Google-Smtp-Source: APXvYqxT5sy9tDISLUz6AUknnXfoKNCdrU+JlUgpVAwCmYMP4MEAqIgueGwF+T4dfEhKYMQQnGLE X-Received: by 2002:a65:5a42:: with SMTP id z2mr1896508pgs.421.1559899710857; Fri, 07 Jun 2019 02:28:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559899710; cv=none; d=google.com; s=arc-20160816; b=yUuu2+2/7eX2vNz4jusYuoyQ4YOmn8k2m7WeNqv7DyBs1uWZQ4kbsWBDcZNlN15CrK GOxkIF8UDiVoPB8Ck4DrZNlHU04Pr6gXhGMVsFkfOm5pQwrbCkRsNynVSJvEcm47T/nW OndbEOn6nv21gPQV7GiAuHc3T5vyPeZBtQzkZ5sueaTgzKRnX9S14j9AQhmkB4lp/Ich 7mLSOuTGY8jujAdmvdANvuvdUM207DJTxnggmEMrKhNYdGwhkPjSLWTJxi2DZqB3O1ia WDWJIsfE+THzr0bRXKr7NriI6DAZnBrkGA+Vgl7E71rjD+motkg/ZIUvPLgMZDFyShg8 HwOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version; bh=uhRDnyMcoVrM+CY+5h3V1Bjl6TjB4Im0OP5MymJVl50=; b=gMSCJXmGp1rV88EjE+PVrYI2dYeR1LTflUdmZvCnmRgB4LC5ytlFKmLqCeRmPCIiIS qcPxVyM6QHtQ/c7IMSepLyGZMRw4psj1FQYT8mwed4CDUY9Wdlw0bTxV01lOFPA6RcD5 DNYnKYMo1lTwFVLpNZniLySADDxh2rS/o117X0psDVewmeZtX9IYMaiRuSkBzvO9cAvK 5fTV2eHKR2SXS0z7fdsmUf/dES4fMIKoeu53+AnGOSirFtXHqwY9JF005pRUU/GJqYrX dkjzB/9yjYa8d1IGF7hCv5XGeHnHeybg+3tgTM0oFbZe39nqRG9+y4lK0TyqQHtsERa7 FFKA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w5si1271668pjt.86.2019.06.07.02.28.13; Fri, 07 Jun 2019 02:28:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727436AbfFGIl2 (ORCPT + 99 others); Fri, 7 Jun 2019 04:41:28 -0400 Received: from mail-ot1-f67.google.com ([209.85.210.67]:36974 "EHLO mail-ot1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726829AbfFGIl2 (ORCPT ); Fri, 7 Jun 2019 04:41:28 -0400 Received: by mail-ot1-f67.google.com with SMTP id r10so1140968otd.4 for ; Fri, 07 Jun 2019 01:41:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=uhRDnyMcoVrM+CY+5h3V1Bjl6TjB4Im0OP5MymJVl50=; b=Fo9P7aL37E6v5EqdxXFJCYBazZb+ixL3KHX89nSoRCTmi98LoQan8nm30sIS9QtxBp DLQ4PgEdiyq9uHDnvspqaDhiPxiLLwM31bKr/5UGhkCwyC6jFfbt5y6MRmKYl3WGzcJQ kRvNQAKrG/sLeFDFMGtQWhfWwbkbAOd4wpa0oiDwVcBL8HwtU5bH5JIo/dt2SE62wQhl qkc9OEaj4ffx9F7E47CpbmX6CDHH1vQ07yfSdwvmdoYYhI4IddEgfWvXNhRQg4+9htxx xTdXXadsAn0cE7AcM+6t2puZUKEgbLFMnhgai1tq+yo2v7M9SqdrGrVZe0wOOYvmhulX mtYw== X-Gm-Message-State: APjAAAVqx5qAbhGzNzVwB46GXC/TzthXvT9kfF4kUbjK5EyPTpj2t2Nx WRhAnhfCDhpW/SEtc7RIzaF3p/08AfTbjRIbk4bHrg== X-Received: by 2002:a9d:73cd:: with SMTP id m13mr8285912otk.43.1559896887528; Fri, 07 Jun 2019 01:41:27 -0700 (PDT) MIME-Version: 1.0 References: <20190606085524.GA21119@zhanggen-UX430UQ> In-Reply-To: <20190606085524.GA21119@zhanggen-UX430UQ> From: Ondrej Mosnacek Date: Fri, 7 Jun 2019 10:41:17 +0200 Message-ID: Subject: Re: [PATCH v4] selinux: lsm: fix a missing-check bug in selinux_sb_eat_lsm_o pts() To: Gen Zhang Cc: Paul Moore , Stephen Smalley , Eric Paris , selinux@vger.kernel.org, Linux kernel mailing list Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jun 6, 2019 at 10:55 AM Gen Zhang wrote: > In selinux_sb_eat_lsm_opts(), 'arg' is allocated by kmemdup_nul(). It > returns NULL when fails. So 'arg' should be checked. And 'mnt_opts' > should be freed when error. > > Signed-off-by: Gen Zhang > Fixes: 99dbbb593fe6 ("selinux: rewrite selinux_sb_eat_lsm_opts()") My comments about the subject and an empty line before label apply here as well, but Paul can fix both easily when applying, so: Reviewed-by: Ondrej Mosnacek > --- > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 3ec702c..13479cd 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -2616,10 +2616,11 @@ static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts) > char *from = options; > char *to = options; > bool first = true; > + int rc; > > while (1) { > int len = opt_len(from); > - int token, rc; > + int token; > char *arg = NULL; > > token = match_opt_prefix(from, len, &arg); > @@ -2635,15 +2636,15 @@ static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts) > *q++ = c; > } > arg = kmemdup_nul(arg, q - arg, GFP_KERNEL); > + if (!arg) { > + rc = -ENOMEM; > + goto free_opt; > + } > } > rc = selinux_add_opt(token, arg, mnt_opts); > if (unlikely(rc)) { > kfree(arg); > - if (*mnt_opts) { > - selinux_free_mnt_opts(*mnt_opts); > - *mnt_opts = NULL; > - } > - return rc; > + goto free_opt; > } > } else { > if (!first) { // copy with preceding comma > @@ -2661,6 +2662,12 @@ static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts) > } > *to = '\0'; > return 0; > +free_opt: > + if (*mnt_opts) { > + selinux_free_mnt_opts(*mnt_opts); > + *mnt_opts = NULL; > + } > + return rc; > } > > static int selinux_sb_remount(struct super_block *sb, void *mnt_opts) -- Ondrej Mosnacek Software Engineer, Security Technologies Red Hat, Inc.