Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp5934730ybi; Wed, 12 Jun 2019 10:59:24 -0700 (PDT) X-Google-Smtp-Source: APXvYqykzGdG5p4FSsPsXEWXyEgWKr961JxCEvFG+kRil7uLlvz6HKWjtLsXguoe8MSm2kE7xw9+ X-Received: by 2002:a62:cdc8:: with SMTP id o191mr18299227pfg.74.1560362364101; Wed, 12 Jun 2019 10:59:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560362364; cv=none; d=google.com; s=arc-20160816; b=Un6Hn9rENB20PBvTOLlbzd6Df7I3TKOJK8Xa563HK2QrxiM9SH3VUr+yi++jlxCSq3 enTRUGyY0SrUyG62AvCqgS+jGhrzGef9uJJ+prNpkjMB4XnmRtRex+8nOLv1HUlPpQiu zUGgGewjC/I11ZGS7CdRfo9Y5QU/e9WuAwxHBkGULlZBhq3Y/hb+Sf20SPg2uPKZQ2oq tIBxmcBMR2x4bqJEpq4ye1Q+DPSSSyIUUsj+hO/taUz2g2dxGwN1JJ3qbagOrvfDy6ll NMhOLIp9pZMl1Eq4uCEnCi3Ie76Uw8Z6toNcN6kyDNJKJYQ8eR1XOYQBjllrOuGd26mr a6Fg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:content-disposition :mime-version:message-id:subject:cc:to:from:date:dkim-signature; bh=CNyDYbzNuel0dys1IQuV1nwZIY+t4+V7JKy2VJB2erY=; b=kjomG7zMjvJ0Rgz+NrAAvesLBN8thZytpn0fh8hUNFo1DcI5ikDfGohtfpKUqxpofe seSW+Etb84PitarJvvVnFgzanj8YUmTVyuWnW3XWScbJVOMNv3R+teGp6zwNeWYJweCT EvLTdGSkg6dT5tRXV8X2Q4RIudUYhAt6jiPf63uWOzCdQqdMtn43XMC9N9qa+f8Vq4tu ZnSbCQqIgdemEsHV31IhUlV4AlWDTVKrgbTYhe/6B+8Cj/2nvipY9V9NCn+VQIRVYF6A +keeV6R6y08x34Rquh697CgznphmEYAsefSoK8Uz4+c1veUr0e1monsPXWoQDv+wNgV7 tR6Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=pyuWS3GD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l10si408320pgk.276.2019.06.12.10.59.09; Wed, 12 Jun 2019 10:59:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=pyuWS3GD; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729296AbfFLN2d (ORCPT + 99 others); Wed, 12 Jun 2019 09:28:33 -0400 Received: from mail-wr1-f65.google.com ([209.85.221.65]:45340 "EHLO mail-wr1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727416AbfFLN2d (ORCPT ); Wed, 12 Jun 2019 09:28:33 -0400 Received: by mail-wr1-f65.google.com with SMTP id f9so16888886wre.12; Wed, 12 Jun 2019 06:28:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=CNyDYbzNuel0dys1IQuV1nwZIY+t4+V7JKy2VJB2erY=; b=pyuWS3GDx6wVjS6cEDEx8LRrR35dtKO2Hw2h58DLZsTWIJd3Ft4NL4fUx1jbTAY3kM tT3LiJai1UlggNCC7V4HBpRgxHqM769GllY6CBPd6sxD2dpSZAa1Y1RwJZX4EJ3x57Q2 wOcm8yb3ksPFjwOk5A/V2YMiwxWUqBWmQylcFQT0qmQNWoVCs9XtSjwIWZYPmfYsYQjq +48PSC5R//q1PaMxHoGOPPjPafiSyNRmqrasFtAtx/TrzuWdDgi2OCSCDmsFAh+hj59a XUrt9hDF73gr/xGVcRnmKdQIKkl/YSzvKJNPSuN1Hl7wS9JV5HftOc5CJeemTfwRwDTg JVYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=CNyDYbzNuel0dys1IQuV1nwZIY+t4+V7JKy2VJB2erY=; b=lva8Bi2wvipy5R5bIpt9swu/k0iSxvJDzoP5TLWv4Jv25YTkNJgTxg7SRAqop8kwT3 f+t+KrMKzRBa4Ikry4Z6DNb9BoaazmWUPyww8/NzMb0CNvehNTmgLPl4dymR11SsbQaM eCaBQxEZ92Os0AkVHd6uoPmpKee/xw0ina8zdsugfV56R74W7+P9pLQylMKJrq70+rKP zMR1a4nGQVpg9yJt2KiTncAgJ0yo9OttNBRVM3U2owAqzCeF+SgNp1Q0eEjKEef36XVC T3SFNx9eAOS3p+40FTeN0fgtiODxooYZtBU8CTRYczvf8DkBU7veWpNSteGLnDdxKp7S R2aA== X-Gm-Message-State: APjAAAWdiyJjEQGqj7MTBVAvj52CRTBzxwX+jwQgmkLHjk/WvLwhP2dd Fgmn3q/1HB0Q8/D6NGe/XHVETnFewEc= X-Received: by 2002:adf:8044:: with SMTP id 62mr7474470wrk.20.1560346111335; Wed, 12 Jun 2019 06:28:31 -0700 (PDT) Received: from zhanggen-UX430UQ ([108.61.173.19]) by smtp.gmail.com with ESMTPSA id h90sm37628063wrh.15.2019.06.12.06.28.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 12 Jun 2019 06:28:30 -0700 (PDT) Date: Wed, 12 Jun 2019 21:28:21 +0800 From: Gen Zhang To: paul@paul-moore.com, sds@tycho.nsa.gov, eparis@parisplace.org Cc: selinux@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4] selinux: fix a missing-check bug in selinux_add_mnt_opt( ) Message-ID: <20190612132821.GA3816@zhanggen-UX430UQ> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In selinux_add_mnt_opt(), 'val' is allocated by kmemdup_nul(). It returns NULL when fails. So 'val' should be checked. And 'mnt_opts' should be freed when error. Signed-off-by: Gen Zhang Fixes: 757cbe597fe8 ("LSM: new method: ->sb_add_mnt_opt()") --- diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3ec702c..b4b888e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1052,15 +1052,24 @@ static int selinux_add_mnt_opt(const char *option, const char *val, int len, if (token == Opt_error) return -EINVAL; - if (token != Opt_seclabel) - val = kmemdup_nul(val, len, GFP_KERNEL); + if (token != Opt_seclabel) { + val = kmemdup_nul(val, len, GFP_KERNEL); + if (!val) { + rc = -ENOMEM; + goto free_opt; + } + } rc = selinux_add_opt(token, val, mnt_opts); if (unlikely(rc)) { kfree(val); - if (*mnt_opts) { - selinux_free_mnt_opts(*mnt_opts); - *mnt_opts = NULL; - } + goto free_opt; + } + return rc; + +free_opt: + if (*mnt_opts) { + selinux_free_mnt_opts(*mnt_opts); + *mnt_opts = NULL; } return rc; }