Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp5942320ybi; Wed, 12 Jun 2019 11:06:27 -0700 (PDT) X-Google-Smtp-Source: APXvYqx37zZ5Y/PG1jyMhnAzKNtRqsd7BBzJunuB9bIe456dm21Xv666WWC2eJFbPcNEfqyJlTF3 X-Received: by 2002:a17:90a:dd42:: with SMTP id u2mr486728pjv.118.1560362787207; Wed, 12 Jun 2019 11:06:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1560362787; cv=none; d=google.com; s=arc-20160816; b=rYb/SnvhZuwPM1o9+5spaGAqCMMGf3ymatKv5EYQbQUlMSrX5XC9MfPYBnk5a8ygka P0rNsJy2wZ3hIw1kw6h0wmNfhC1WqzKRMeHG2TUjWUZekTNQuhdZi0hWFMPaEvJWfeDR /L6X6euoHeNd8Dqxw/zZHUnpkMx0qUtLcKBKetR6mHAjxplh4mArIq1SQ7HqBDu+3PwF v1nFvtgs20V6kS3o50RlFy+HArQjshgUu/3Gng2G3k7VfhNG7AAJSlQPh+n+IDEusaOj FNPQhhUjvyG8Fb6V9WRPuWnAbcH5lnrUPOwGuPkRTU59N/8Xjcf1OR0/t6RMdHoh+J1H 95+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=3Wj8tFDiZvzxFDGQ8FFfl+cfAEOeLDLTEH6503XcxMY=; b=x2PL3zR/gmKEslauQHxPMUCdPcgyylyxQMRz9a9vhueCVzl48J48vt88qdIUJ4XM05 Zrajz4EBuD0xtRT/+X8t6YjKkDIH4GHQP8fSuRzl22dV6w9plxfQxmihKU9NyfGezTLQ nuQoNlSDBhcwa6aWTbgBAHyAUnUAUPvcO4qCeV+mVSdd1STy4WTBEEZ3Beeccrdy4osQ 51ztvEKby9RqWa7LTpMZ/ov4bHN2AM1x3uk82HBDsVSZ8140Q9kPih6Nxmhl3Dyxf4kV lCLbsJL3P1H8JnEdHmojHApvqIamYrx6+WNKxJ3zX9lXtGDuUOn8qG8RWzuwxAFDnnIC gZ9g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=nvjWYQ3O; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h8si316266plr.291.2019.06.12.11.06.12; Wed, 12 Jun 2019 11:06:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=nvjWYQ3O; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730135AbfFLQQp (ORCPT + 99 others); Wed, 12 Jun 2019 12:16:45 -0400 Received: from mail-lf1-f68.google.com ([209.85.167.68]:46416 "EHLO mail-lf1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727126AbfFLQQp (ORCPT ); Wed, 12 Jun 2019 12:16:45 -0400 Received: by mail-lf1-f68.google.com with SMTP id z15so9929970lfh.13 for ; Wed, 12 Jun 2019 09:16:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3Wj8tFDiZvzxFDGQ8FFfl+cfAEOeLDLTEH6503XcxMY=; b=nvjWYQ3OHJDjWYibj/YNX20SWR28Rhln3Pwh8JIoMOB8OYo9eG07U/4EJIi9NQXKU8 FZ1/5iwJpMxE0klA5AmIIGuutxZJIxHeS6K+KXebsBLnYuO+t+KuX6kINQe7hjeoBDY3 0ZfXnRIiSqhRxTtwkbs5aoGhxHXWBwCKDHX5XpKeAaUVYQxyx/l5jNJiU2aLHbu2Sa7R feNRdnrd20kbNrAFb52qXZK/9aKx48QdfVrgI34RuxVxGpsKru21y4gadhgZb7yfkdSE iY1BePwQcyrF3ELgUklGxp9Ps2OI0ImZrPOFTAp1gGh5B2aZrBli2mw63UIYcMm86r88 RviA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3Wj8tFDiZvzxFDGQ8FFfl+cfAEOeLDLTEH6503XcxMY=; b=WKi/Xfg4qsSyGuwhUIqRTDlKzR16O8HUaZsfsB3yKSwKppg/iEOyUbPpks3knLsRvP 8T2dY/hgkn7JKo5Dd706o/gt8i6kFzTG4P3FHt40OUehA8gFO7v9kFQfp0DiSTFkWNeC uQJ7ZigUkAyYN7cyWViulEvid2nviAD7RjAPrzzlKQ1tmh/mMTeylyvoGjoWkSLtisaL 9MlrHGxSpFahNjKY5m9Gu+pROL6VjUw9DexHnz/+k9TTClIJ4GVrHVrN7NhYwtAodYYG 2UQ3Vo/FBTX7/KxBrNSDmWG//gkedN1otiV6zbleifpEWJrxJ7IvKXXiDLV//0/6dlPZ Oulg== X-Gm-Message-State: APjAAAX+wWUE9XsO7xj1wjy7ZqK3wl4Lmmqb82uub8RPkVP2IJrCYUkp 8t5U/UyTNhDnZ19ireaOyo2/h6jCBVEsBaqRi1ds X-Received: by 2002:a19:7716:: with SMTP id s22mr24362250lfc.64.1560356202660; Wed, 12 Jun 2019 09:16:42 -0700 (PDT) MIME-Version: 1.0 References: <20190612132821.GA3816@zhanggen-UX430UQ> In-Reply-To: <20190612132821.GA3816@zhanggen-UX430UQ> From: Paul Moore Date: Wed, 12 Jun 2019 12:16:31 -0400 Message-ID: Subject: Re: [PATCH v4] selinux: fix a missing-check bug in selinux_add_mnt_opt( ) To: Gen Zhang Cc: Stephen Smalley , Eric Paris , selinux@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 12, 2019 at 9:28 AM Gen Zhang wrote: > In selinux_add_mnt_opt(), 'val' is allocated by kmemdup_nul(). It returns > NULL when fails. So 'val' should be checked. And 'mnt_opts' should be > freed when error. > > Signed-off-by: Gen Zhang > Fixes: 757cbe597fe8 ("LSM: new method: ->sb_add_mnt_opt()") > --- > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 3ec702c..b4b888e 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -1052,15 +1052,24 @@ static int selinux_add_mnt_opt(const char *option, const char *val, int len, > if (token == Opt_error) > return -EINVAL; > > - if (token != Opt_seclabel) > - val = kmemdup_nul(val, len, GFP_KERNEL); > + if (token != Opt_seclabel) { > + val = kmemdup_nul(val, len, GFP_KERNEL); > + if (!val) { > + rc = -ENOMEM; > + goto free_opt; > + } This block has an extra indent, but I'll go ahead and fix that during the merge. I have to mention that had you run this patch through ./scripts/checkpatch.pl it would have caught the mistake :) Regardless, thanks for the patch, I've merged it into the selinux/stable-5.2 branch and I'll be testing it shortly. > + } > rc = selinux_add_opt(token, val, mnt_opts); > if (unlikely(rc)) { > kfree(val); > - if (*mnt_opts) { > - selinux_free_mnt_opts(*mnt_opts); > - *mnt_opts = NULL; > - } > + goto free_opt; > + } > + return rc; > + > +free_opt: > + if (*mnt_opts) { > + selinux_free_mnt_opts(*mnt_opts); > + *mnt_opts = NULL; > } > return rc; > } -- paul moore www.paul-moore.com