Received: by 2002:a05:7208:9594:b0:7e:5202:c8b4 with SMTP id gs20csp43981rbb; Fri, 23 Feb 2024 11:06:17 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCXAjVu7GV/VrxliyAWm9XOi/Pq1UhyRxV8cphNoFeHm11Gj2GEpShXYTeLEhSwgPHUidB73f8LeHE7KXU+6KaXjnL14znDTL2QadoAfZw== X-Google-Smtp-Source: AGHT+IHHaoM6R7ZubrpQu1hEbgrK0zVxTuWKCSEYS6XuVv6hiPIV79pLQF8Ddqrh6SkyjRhs9vNV X-Received: by 2002:a05:6512:114c:b0:512:e506:1c66 with SMTP id m12-20020a056512114c00b00512e5061c66mr568193lfg.26.1708715177311; Fri, 23 Feb 2024 11:06:17 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708715177; cv=pass; d=google.com; s=arc-20160816; b=CnwQcfPrU/75dHmuxDiT+ZePKURVTtGG5dYqHHe1KEzVOLg+FNnU8FpC9aNzNJUdav eekAQCLItgfpYcRY8lPds/OpHompplEDtIe+r+mwXWpK0RVpx3SthjEx0cn7OTiiPI8q 0EUPziKBMmXL0VFJFGCkEOHM+VV0dBWJo/k+J+kptngU+PIdi14461fhiEEDW0c4HDln vdWPEf3D64DD6BcqqFHx0yc7jNpQd/ppeBaRiFUwoKXSi/R7zlTTMBSjbsdiibRz2hjb gfafUy6llUhQTq7LmSojLVg5Nm1H+H0Y1Km5wfOERSkOtqBdQKpepCN1wsnwiPA2d0ym AbDA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=ebNM1jfNxFrGEla+vw6xrGOMJ3r34v4XyT6ZnJpNf/4=; fh=75p7ccQGuT0xN9vNAOHl1M6SKBcYhJIT9hLFptk3jWg=; b=bM8zh4M48vs5ki16j4D6uCtxMnnkJLbQB5oJ3nel2N6jDfgSyB6gXyk1aeoJILSR3R rrh+lX8kDPK+fI9bIMK+/Nj2xaflZxhOt/eBz5z8csICb7Ru5mdyvF/leCEkr8/6EmLZ xQ+FTebTV3l3l2ZfVzk59kJ2TPd8rTSDY1sQ02cQSxrQxmmpslSVB1rHdFhz3Oqv5MQR YXyf5vyb7JLXwGkKkfGT+3mVOHZYeAdffrhmTjzGx56etAEPovMWcaynq/OtBvXkU6F7 N51Q04OQcCp0YcZdtUz4ZwvDEhEkTqZs46P84SZm/6O2Ke/4rhDU+2PIr71kcLSvhifO OCUA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@digikod.net header.s=20191114 header.b=H9WEYkU4; arc=pass (i=1 spf=pass spfdomain=digikod.net dkim=pass dkdomain=digikod.net); spf=pass (google.com: domain of linux-kernel+bounces-79015-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-79015-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249]) by mx.google.com with ESMTPS id r15-20020a50aacf000000b00564477609c3si5473081edc.378.2024.02.23.11.06.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Feb 2024 11:06:17 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-79015-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249; Authentication-Results: mx.google.com; dkim=pass header.i=@digikod.net header.s=20191114 header.b=H9WEYkU4; arc=pass (i=1 spf=pass spfdomain=digikod.net dkim=pass dkdomain=digikod.net); spf=pass (google.com: domain of linux-kernel+bounces-79015-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-kernel+bounces-79015-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id CB0411F23E79 for ; Fri, 23 Feb 2024 19:06:16 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 8BEB4143C7B; Fri, 23 Feb 2024 19:06:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=digikod.net header.i=@digikod.net header.b="H9WEYkU4" Received: from smtp-190e.mail.infomaniak.ch (smtp-190e.mail.infomaniak.ch [185.125.25.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CA76EEAD2 for ; Fri, 23 Feb 2024 19:06:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=185.125.25.14 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708715169; cv=none; b=kCmqUTWlQUmmdBJ4xCuCgxVgJRWhMOm7N5ktVvC+SZdi7FDoGH5gO5kJjOONGJU0+I/yR0eCt5ar1XSNg4bV69InUlEh3JxwvJWFmPYdRqowRu/Vtb4mZEzhGQSTLHpZ05slwe3LoWFcJRSJCVtH0TtJaq7Us7ZH0NLG4pfnaII= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708715169; c=relaxed/simple; bh=YdGYAHw605VafQ4cjqctlQpaI+zPzB3uwPRkJjOjJFE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=oQBkYuzkXENYgvB6tBMAE/1Z2pKhp+Pq6sUv9EI6yas0U74GqkrYrj17BBRMyIcKytSs+GYM1aFWfHysrYOM7qy5HhtYhU9wNxxCIOxsHKbnQLnYqoQPPtQHtrJOUV9GKuj+P/UuHE/ZB+1p9Y7uG6YO+duCmYWFQ0UkB0EecT0= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=digikod.net; spf=pass smtp.mailfrom=digikod.net; dkim=pass (1024-bit key) header.d=digikod.net header.i=@digikod.net header.b=H9WEYkU4; arc=none smtp.client-ip=185.125.25.14 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=digikod.net Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=digikod.net Received: from smtp-3-0001.mail.infomaniak.ch (unknown [10.4.36.108]) by smtp-3-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 4ThKGv49QfzMq2xt; Fri, 23 Feb 2024 20:05:59 +0100 (CET) Received: from unknown by smtp-3-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 4ThKGv0pfYzMpnPc; Fri, 23 Feb 2024 20:05:59 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=digikod.net; s=20191114; t=1708715159; bh=YdGYAHw605VafQ4cjqctlQpaI+zPzB3uwPRkJjOjJFE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=H9WEYkU4GyTi79yWNsj+FBBwY2I/Zm9vHlkuL2GG+FniECt0mVFOKqZkNHj7g0SR7 1np3Zpre5uRvuBsKC4mPYJ5qluB+Q7MQHE2a6o6JlD2DBpzYmaKjK/DqFEAQxkf9yy XQrvusHt5juvdNyRutZawD3xEJfECNx2tvu5UI24= From: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= To: Casey Schaufler , John Johansen , Paul Moore Cc: =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= , James Morris , "Serge E . Hallyn" , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH 2/2] AppArmor: Fix lsm_get_self_attr() Date: Fri, 23 Feb 2024 20:05:46 +0100 Message-ID: <20240223190546.3329966-2-mic@digikod.net> In-Reply-To: <20240223190546.3329966-1-mic@digikod.net> References: <20240223190546.3329966-1-mic@digikod.net> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Infomaniak-Routing: alpha aa_getprocattr() may not initialize the value's pointer in some case. As for proc_pid_attr_read(), initialize this pointer to NULL in apparmor_getselfattr() to avoid an UAF in the kfree() call. Cc: Casey Schaufler Cc: John Johansen Cc: Paul Moore Cc: stable@vger.kernel.org Fixes: 223981db9baf ("AppArmor: Add selfattr hooks") Signed-off-by: Mickaël Salaün --- security/apparmor/lsm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 98e1150bee9d..9a3dcaafb5b1 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -784,7 +784,7 @@ static int apparmor_getselfattr(unsigned int attr, struct lsm_ctx __user *lx, int error = -ENOENT; struct aa_task_ctx *ctx = task_ctx(current); struct aa_label *label = NULL; - char *value; + char *value = NULL; switch (attr) { case LSM_ATTR_CURRENT: -- 2.43.0