lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 22 Sep 2006 16:13:17 -0700
From:	Kylene Jo Hall <kjhall@...ibm.com>
To:	linux-kernel <linux-kernel@...r.kernel.org>
Cc:	akpm@...l.org, Mimi Zohar <zohar@...ibm.com>,
	Dave Safford <safford@...ibm.com>,
	Serge Hallyn <sergeh@...ibm.com>
Subject: [PATCH] slim: fix bug with mm_users usage

There is a NULL pointer dereference possible that was introduced in the
last round of modifications to the demotion code before merging.
current->mm should be checked for existence before it is dereferenced to
check the value of the mm_users field.  This patch fixes all instances
of this bug.

Signed-off-by: Kylene Hall <kjhall@...ibm.com>
---
 security/slim/slm_main.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

--- linux-2.6.18-rc6-orig/security/slim/slm_main.c	2006-09-18 16:41:51.000000000 -0500
+++ linux-2.6.18-rc6/security/slim/slm_main.c	2006-09-22 13:58:35.000000000 -0500
@@ -529,7 +519,7 @@ static int enforce_integrity_read(struct
 	spin_lock(&cur_tsec->lock);
 	if (!is_iac_less_than_or_exempt(level, cur_tsec->iac_r)) {
 		rc = has_file_wperm(level);
-		if (atomic_read(&current->mm->mm_users) != 1)
+		if (current->mm && atomic_read(&current->mm->mm_users) != 1)
 			rc = 1;
 		if (rc) {
 			dprintk(SLM_BASE, "ppid %d(%s p=%d-%s) "
@@ -1100,7 +1092,7 @@ int slm_socket_create(int family, int ty
 			memset(&level, 0, sizeof(struct slm_file_xattr));
 			level.iac_level = SLM_IAC_UNTRUSTED;
 			rc = has_file_wperm(&level);
-			if (atomic_read(&current->mm->mm_users) != 1)
+			if (current->mm && atomic_read(&current->mm->mm_users) != 1)
 				rc = 1;
 			if (rc) {
 				dprintk(SLM_BASE,
@@ -1306,7 +1298,7 @@ static int enforce_integrity_execute(str
 		cur_tsec->iac_r = cur_tsec->iac_wx;
 	} else {
 		rc = has_file_wperm(level);
-		if (atomic_read(&current->mm->mm_users) != 1)
+		if (current->mm && atomic_read(&current->mm->mm_users) != 1)
 			rc = 1;
 		if (rc) {
 			dprintk(SLM_BASE,


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ