X-Mailing-List: linux-kernel@vger.kernel.org
References: <20240223190546.3329966-1-mic@digikod.net> <20240223190546.3329966-2-mic@digikod.net>
From: Paul Moore
Date: Mon, 26 Feb 2024 14:59:59 -0500
Subject: Re: [PATCH 2/2] AppArmor: Fix lsm_get_self_attr()
To: Mickaël Salaün
Cc: Casey Schaufler, John Johansen, James Morris, "Serge E . Hallyn", linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, stable@vger.kernel.org

On Fri, Feb 23, 2024 at 4:07 PM Paul Moore wrote:
> On Fri, Feb 23, 2024 at 2:06 PM Mickaël Salaün wrote:
> >
> > aa_getprocattr() may not initialize the value's pointer in some case.
> > As for proc_pid_attr_read(), initialize this pointer to NULL in
> > apparmor_getselfattr() to avoid an UAF in the kfree() call.
> >
> > Cc: Casey Schaufler
> > Cc: John Johansen
> > Cc: Paul Moore
> > Cc: stable@vger.kernel.org
> > Fixes: 223981db9baf ("AppArmor: Add selfattr hooks")
> > Signed-off-by: Mickaël Salaün
> > ---
> > security/apparmor/lsm.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
>
> If you like John, I can send this up to Linus with the related SELinux
> fix, I would just need an ACK from you.

Reviewed-by: Paul Moore

This patch looks good to me, and while we've still got at least two
(maybe three?) more weeks before v6.8 is tagged, I think it would be
good to get this up to Linus ASAP. I'll hold off for another day, but
if we don't see any comment from John I'll go ahead and merge this and
send it up to Linus with the SELinux fix; I'm sure John wouldn't be
happy if v6.8 went out the door without this fix.

> > diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c > > index 98e1150bee9d..9a3dcaafb5b1 100644 > > --- a/security/apparmor/lsm.c > > +++ b/security/apparmor/lsm.c 
> > @@ -784,7 +784,7 @@ static int apparmor_getselfattr(unsigned int attr, = struct lsm_ctx __user *lx, > > int error =3D -ENOENT; > > struct aa_task_ctx *ctx =3D task_ctx(current); > > struct aa_label *label =3D NULL; > > - char *value; > > + char *value =3D NULL; > > > > switch (attr) { > > case LSM_ATTR_CURRENT: > > -- > > 2.43.0 --=20 paul-moore.com
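Review bot: at `char *value = NULL;` the fix lives only in this caller, so any other caller of aa_getprocattr() that later passes the result to kfree() has to remember the same initialiser; the commit message notes that proc_pid_attr_read() already carries it. Consider also having aa_getprocattr() set the caller's pointer to NULL before any early return, or documenting at its definition that the pointer is left untouched on some paths, so the contract does not depend on each call site.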