lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20210305024602.203217-1-unclexiaole@gmail.com>
Date:   Fri,  5 Mar 2021 02:46:02 +0000
From:   Jiele zhao <unclexiaole@...il.com>
To:     keescook@...omium.org
Cc:     jmorris@...ei.org, serge@...lyn.com,
        linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org, Jiele zhao <unclexiaole@...il.com>
Subject: [PATCH v2] security/loadpin: Replace "kernel_read_file_str[j]" with function "kernel_read_file_id_str(j)".

Actually Linux kernel already provide function "kernel_read_file_id_str()"
for secure access in "kernel_read_file.h".
And, in "parse_exclude()" function, it's better to use

	BUILD_BUG_ON(ARRAY_SIZE(kernel_read_file_str) - 1 ==
		ARRAY_SIZE(ignore_read_file_id));

to make sure the arrays stay within expected sizes.

Signed-off-by: Jiele zhao <unclexiaole@...il.com>
---
 security/loadpin/loadpin.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c
index b12f7d986b1e..3d59ff363087 100644
--- a/security/loadpin/loadpin.c
+++ b/security/loadpin/loadpin.c
@@ -210,9 +210,10 @@ static void __init parse_exclude(void)
 	 */
 	BUILD_BUG_ON(ARRAY_SIZE(exclude_read_files) !=
 		     ARRAY_SIZE(ignore_read_file_id));
-	BUILD_BUG_ON(ARRAY_SIZE(kernel_read_file_str) <
+	BUILD_BUG_ON(ARRAY_SIZE(kernel_read_file_str) - 1 ==
 		     ARRAY_SIZE(ignore_read_file_id));
 
+
 	for (i = 0; i < ARRAY_SIZE(exclude_read_files); i++) {
 		cur = exclude_read_files[i];
 		if (!cur)
@@ -221,9 +222,9 @@ static void __init parse_exclude(void)
 			continue;
 
 		for (j = 0; j < ARRAY_SIZE(ignore_read_file_id); j++) {
-			if (strcmp(cur, kernel_read_file_str[j]) == 0) {
+			if (strcmp(cur, kernel_read_file_id_str(j)) == 0) {
 				pr_info("excluding: %s\n",
-					kernel_read_file_str[j]);
+					kernel_read_file_id_str(j));
 				ignore_read_file_id[j] = 1;
 				/*
 				 * Can not break, because one read_file_str
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ