| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <61a5d3be-b99c-69d3-8619-e5c4d1004dd5@schaufler-ca.com>
Date: Fri, 24 Jun 2016 09:38:45 -0700
From: Casey Schaufler <casey@...aufler-ca.com>
To: Kees Cook <keescook@...omium.org>
Cc: LSM <linux-security-module@...r.kernel.org>,
James Morris <jmorris@...ei.org>,
John Johansen <john.johansen@...onical.com>,
Stephen Smalley <sds@...ho.nsa.gov>,
Paul Moore <paul@...l-moore.com>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
LKLM <linux-kernel@...r.kernel.org>
Subject: [PATCH v4 4/3] LSM: Improve context interface for proc attrs
Subject: [PATCH v4 4/3] LSM: Improve context interface for proc attrs
Replace kzalloc ... sprintf with kasprintf in the
"context" procfs attr code.
Signed-off-by: Casey Schaufler <casey@...aufler-ca.com>
---
security/apparmor/lsm.c | 47 +++++++++++++++++++++++-----------------------
security/selinux/hooks.c | 4 +---
security/smack/smack_lsm.c | 5 +----
3 files changed, 26 insertions(+), 30 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 3790a7d..5cac15f 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -476,6 +476,8 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
const struct cred *cred = get_task_cred(task);
struct aa_task_cxt *cxt = cred_cxt(cred);
struct aa_profile *profile = NULL;
+ char *vp;
+ char *np;
if (strcmp(name, "current") == 0)
profile = aa_get_newest_profile(cxt->profile);
@@ -488,30 +490,29 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
else
error = -EINVAL;
- if (profile) {
- if (strcmp(name, "context") == 0) {
- char *vp;
- char *np;
-
- error = aa_getprocattr(profile, &vp);
- if (error > 0) {
- error += 12;
- *value = kzalloc(error, GFP_KERNEL);
- if (*value == NULL)
- error = -ENOMEM;
- else {
- sprintf(*value, "apparmor='%s'", vp);
- np = strchr(*value, '\n');
- if (np != NULL) {
- np[0] = '\'';
- np[1] = '\0';
- }
- }
- }
- } else
- error = aa_getprocattr(profile, value);
- }
+ if (profile == NULL)
+ goto put_out;
+
+ error = aa_getprocattr(profile, &vp);
+ if (error < 0)
+ goto put_out;
+
+ if (strcmp(name, "context") == 0) {
+ *value = kasprintf(GFP_KERNEL, "apparmor='%s'", vp);
+ if (*value == NULL) {
+ error = -ENOMEM;
+ goto put_out;
+ }
+ np = strchr(*value, '\n');
+ if (np != NULL) {
+ np[0] = '\'';
+ np[1] = '\0';
+ }
+ error = strlen(*value);
+ } else
+ *value = vp;
+put_out:
aa_put_profile(profile);
put_cred(cred);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3a21c2b..6397721 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5737,11 +5737,9 @@ static int selinux_getprocattr(struct task_struct *p,
error = security_sid_to_context(sid, &vp, &len);
if (!error) {
- *value = kzalloc(len + 10, GFP_KERNEL);
+ *value = kasprintf(GFP_KERNEL, "selinux='%s'", vp);
if (*value == NULL)
error = -ENOMEM;
- else
- sprintf(*value, "selinux='%s'", vp);
}
}
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index d2d8624..92e66f8 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3574,18 +3574,15 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value)
{
struct smack_known *skp = smk_of_task_struct(p);
char *cp;
- int slen;
if (strcmp(name, "current") == 0) {
cp = kstrdup(skp->smk_known, GFP_KERNEL);
if (cp == NULL)
return -ENOMEM;
} else if (strcmp(name, "context") == 0) {
- slen = strlen(skp->smk_known) + 9;
- cp = kzalloc(slen, GFP_KERNEL);
+ cp = kasprintf(GFP_KERNEL, "smack='%s'", skp->smk_known);
if (cp == NULL)
return -ENOMEM;
- sprintf(cp, "smack='%s'", skp->smk_known);
} else
return -EINVAL;
Powered by blists - more mailing lists