lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200801281723.46273.paul.moore@hp.com>
Date:	Mon, 28 Jan 2008 17:23:46 -0500
From:	Paul Moore <paul.moore@...com>
To:	Adrian Bunk <bunk@...nel.org>
Cc:	James Morris <jmorris@...ei.org>, sds@...ho.nsa.gov,
	eparis@...isplace.org, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [2.6 patch] security/selinux/netlabel.c: fix double free

On Monday 28 January 2008 5:09:38 pm Adrian Bunk wrote:
> This patch fixes a double free (security_netlbl_sid_to_secattr()
> already calls netlbl_secattr_destroy() when it returns !0) introduced
> by commit 45c950e0f839fded922ebc0bfd59b1081cc71b70 and spotted by the
> Coverity checker.

Hi Adrian,

Thanks for finding this mistake, however, I'd rather see it fixed by 
removing the netlbl_secattr_destroy() call in 
security_netlbl_sid_to_secattr() as it really shouldn't be there 
anymore.  We moved the matching _init() call into 
selinux_netlbl_sock_setsid() and I'd like to see the _init() and 
_destroy() calls done in the same function.  I can push a revised patch 
for this if you would prefer, otherwise I'll be happy to ack an updated 
version ...

> Signed-off-by: Adrian Bunk <bunk@...nel.org>
>
> ---
> --- linux-2.6/security/selinux/netlabel.c.old	2008-01-23
> 00:38:19.000000000 +0200 +++
> linux-2.6/security/selinux/netlabel.c	2008-01-23 00:39:09.000000000
> +0200 @@ -58,22 +58,22 @@ static int selinux_netlbl_sock_setsid(st rc
> = security_netlbl_sid_to_secattr(sid, &secattr);
>  	if (rc != 0)
>  		goto sock_setsid_return;
>  	rc = netlbl_sock_setattr(sk, &secattr);
>  	if (rc == 0) {
>  		spin_lock_bh(&sksec->nlbl_lock);
>  		sksec->nlbl_state = NLBL_LABELED;
>  		spin_unlock_bh(&sksec->nlbl_lock);
>  	}
>
> -sock_setsid_return:
>  	netlbl_secattr_destroy(&secattr);
> +sock_setsid_return:
>  	return rc;
>  }
>
>  /**
>   * selinux_netlbl_cache_invalidate - Invalidate the NetLabel cache
>   *
>   * Description:
>   * Invalidate the NetLabel security attribute mapping cache.
>   *
>   */



-- 
paul moore
linux security @ hp
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ