lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 11 Jun 2022 17:05:50 +0800
From:   Xiu Jianfeng <xiujianfeng@...wei.com>
To:     <paul@...l-moore.com>, <stephen.smalley.work@...il.com>,
        <eparis@...isplace.org>, <omosnace@...hat.com>
CC:     <selinux@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: [PATCH -next] selinux: Fix potential memory leak in selinux_add_opt

In the entry of selinux_add_opt, *mnt_opts may be assigned to new
allocated memory, and also may be freed and reset at the end of the
function. however, if security_context_str_to_sid failed, it returns
directly and skips the procedure for free and reset, even if it may be
handled at the caller of this function, It is better to handle it
inside.

Fixes: 70f4169ab421 ("selinux: parse contexts for mount options early")
Signed-off-by: Xiu Jianfeng <xiujianfeng@...wei.com>
---
 security/selinux/hooks.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4af4986d3893..3d67c1dab2c6 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -949,7 +949,7 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts)
 	struct selinux_mnt_opts *opts = *mnt_opts;
 	bool is_alloc_opts = false;
 	u32 *dst_sid;
-	int rc;
+	int rc = -EINVAL;
 
 	if (token == Opt_seclabel)
 		/* eaten and completely ignored */
@@ -993,13 +993,15 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts)
 		break;
 	default:
 		WARN_ON(1);
-		return -EINVAL;
+		goto err;
 	}
 	rc = security_context_str_to_sid(&selinux_state, s, dst_sid, GFP_KERNEL);
-	if (rc)
+	if (rc) {
 		pr_warn("SELinux: security_context_str_to_sid (%s) failed with errno=%d\n",
 			s, rc);
-	return rc;
+		goto err;
+	}
+	return 0;
 
 err:
 	if (is_alloc_opts) {
@@ -1007,7 +1009,7 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts)
 		*mnt_opts = NULL;
 	}
 	pr_warn(SEL_MOUNT_FAIL_MSG);
-	return -EINVAL;
+	return rc;
 }
 
 static int show_sid(struct seq_file *m, u32 sid)
-- 
2.17.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ