lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <494F148F.8070101@larces.uece.br>
Date:	Mon, 22 Dec 2008 01:16:15 -0300
From:	Sergio Luis <sergio@...ces.uece.br>
To:	Casey Schaufler <casey@...aufler-ca.com>
CC:	"Ahmed S. Darwish" <darwish.07@...il.com>,
	LSM <linux-security-module@...r.kernel.org>,
	LKLM <linux-kernel@...r.kernel.org>
Subject: [PATCH] smackfs: check for allocation failures in smk_set_access()

 smackfs: check for allocation failures in smk_set_access() 

 While adding a new subject/object pair to smack_list, smk_set_access()
 didn't check the return of kzalloc(). 

 This patch changes smk_set_access() to return 0 or -ENOMEM, based on 
 kzalloc()'s return. It also updates its caller, smk_write_load(), to
 check for smk_set_access()'s return, given it is no longer a void 
 return function.

 Signed-off-by: Sergio Luis <sergio@...ces.uece.br>
 To: Casey Schaufler <casey@...aufler-ca.com>
 Cc: Ahmed S. Darwish <darwish.07@...il.com>
 Cc: LSM <linux-security-module@...r.kernel.org>
 Cc: LKLM <linux-kernel@...r.kernel.org>

 security/smack/smackfs.c |   20 ++++++++++++++++----
 1 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index c21d8c8..44eb933 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -185,11 +185,15 @@ static int smk_open_load(struct inode *inode, struct file *file)
  * the subject/object pair and replaces the access that was
  * there. If the pair isn't found add it with the specified
  * access.
+ *
+ * Returns 0 if nothing goes wrong or -ENOMEM if it fails
+ * during the allocation of the new pair to add.
  */
-static void smk_set_access(struct smack_rule *srp)
+static int smk_set_access(struct smack_rule *srp)
 {
 	struct smk_list_entry *sp;
 	struct smk_list_entry *newp;
+	int ret = 0;
 
 	mutex_lock(&smack_list_lock);
 
@@ -202,14 +206,20 @@ static void smk_set_access(struct smack_rule *srp)
 
 	if (sp == NULL) {
 		newp = kzalloc(sizeof(struct smk_list_entry), GFP_KERNEL);
+		if (newp == NULL) {
+			ret = -ENOMEM;
+			goto out;
+		}
+
 		newp->smk_rule = *srp;
 		newp->smk_next = smack_list;
 		smack_list = newp;
 	}
 
+out:
 	mutex_unlock(&smack_list_lock);
 
-	return;
+	return ret;
 }
 
 /**
@@ -309,8 +319,10 @@ static ssize_t smk_write_load(struct file *file, const char __user *buf,
 		goto out;
 	}
 
-	smk_set_access(&rule);
-	rc = count;
+	rc = smk_set_access(&rule);
+
+	if (!rc)
+		rc = count;
 
 out:
 	kfree(data);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ