lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date:   Fri,  4 May 2018 15:15:11 +0100
From:   Colin King <colin.king@...onical.com>
To:     John Johansen <john.johansen@...onical.com>,
        James Morris <jmorris@...ei.org>,
        "Serge E . Hallyn" <serge@...lyn.com>,
        linux-security-module@...r.kernel.org
Cc:     kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH][next] apparmor: fix error return check with a u32 being less than zero

From: Colin Ian King <colin.king@...onical.com>

The check for *seclen being less than zero for an error condtion check
is never true as it is a u32 and hence cannot be less than zero. Fix
this by using an int ret for error return checking and assigning *seclen
to this.

Detected by CoverityScan, CID#1468514 ("Unsigned comparison against 0")

Fixes: c092921219d2 ("apparmor: add support for mapping secids and using secctxes")
Signed-off-by: Colin Ian King <colin.king@...onical.com>
---
 security/apparmor/secid.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/security/apparmor/secid.c b/security/apparmor/secid.c
index 502924853986..9c431e9a9836 100644
--- a/security/apparmor/secid.c
+++ b/security/apparmor/secid.c
@@ -142,6 +142,7 @@ int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 {
 	/* TODO: cache secctx and ref count so we don't have to recreate */
 	struct aa_label *label = aa_secid_to_label(secid);
+	int ret;
 
 	AA_BUG(!secdata);
 	AA_BUG(!seclen);
@@ -150,16 +151,17 @@ int apparmor_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 		return -EINVAL;
 
 	if (secdata)
-		*seclen = aa_label_asxprint(secdata, root_ns, label,
-					    FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
-					    FLAG_HIDDEN_UNCONFINED |
-					    FLAG_ABS_ROOT, GFP_ATOMIC);
+		ret = aa_label_asxprint(secdata, root_ns, label,
+					FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
+					FLAG_HIDDEN_UNCONFINED |
+					FLAG_ABS_ROOT, GFP_ATOMIC);
 	else
-		*seclen = aa_label_snxprint(NULL, 0, root_ns, label,
-					    FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
-					    FLAG_HIDDEN_UNCONFINED |
-					    FLAG_ABS_ROOT);
-	if (*seclen < 0)
+		ret = aa_label_snxprint(NULL, 0, root_ns, label,
+					FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
+					FLAG_HIDDEN_UNCONFINED |
+					FLAG_ABS_ROOT);
+	*seclen = ret;
+	if (ret < 0)
 		return -ENOMEM;
 
 	return 0;
-- 
2.17.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ