lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 26 Feb 2024 14:59:59 -0500
From: Paul Moore <paul@...l-moore.com>
To: Mickaël Salaün <mic@...ikod.net>
Cc: Casey Schaufler <casey@...aufler-ca.com>, John Johansen <john.johansen@...onical.com>, 
	James Morris <jmorris@...ei.org>, "Serge E . Hallyn" <serge@...lyn.com>, linux-kernel@...r.kernel.org, 
	linux-security-module@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH 2/2] AppArmor: Fix lsm_get_self_attr()

On Fri, Feb 23, 2024 at 4:07 PM Paul Moore <paul@...l-moore.com> wrote:
> On Fri, Feb 23, 2024 at 2:06 PM Mickaël Salaün <mic@...ikod.net> wrote:
> >
> > aa_getprocattr() may not initialize the value's pointer in some case.
> > As for proc_pid_attr_read(), initialize this pointer to NULL in
> > apparmor_getselfattr() to avoid an UAF in the kfree() call.
> >
> > Cc: Casey Schaufler <casey@...aufler-ca.com>
> > Cc: John Johansen <john.johansen@...onical.com>
> > Cc: Paul Moore <paul@...l-moore.com>
> > Cc: stable@...r.kernel.org
> > Fixes: 223981db9baf ("AppArmor: Add selfattr hooks")
> > Signed-off-by: Mickaël Salaün <mic@...ikod.net>
> > ---
> >  security/apparmor/lsm.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
>
> If you like John, I can send this up to Linus with the related SELinux
> fix, I would just need an ACK from you.

Reviewed-by: Paul Moore <paul@...l-moore.com>

This patch looks good to me, and while we've still got at least two
(maybe three?) more weeks before v6.8 is tagged, I think it would be
good to get this up to Linus ASAP.  I'll hold off for another day, but
if we don't see any comment from John I'll go ahead and merge this and
send it up to Linus with the SELinux fix; I'm sure John wouldn't be
happy if v6.8 went out the door without this fix.

> > diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
> > index 98e1150bee9d..9a3dcaafb5b1 100644
> > --- a/security/apparmor/lsm.c
> > +++ b/security/apparmor/lsm.c
> > @@ -784,7 +784,7 @@ static int apparmor_getselfattr(unsigned int attr, struct lsm_ctx __user *lx,
> >         int error = -ENOENT;
> >         struct aa_task_ctx *ctx = task_ctx(current);
> >         struct aa_label *label = NULL;
> > -       char *value;
> > +       char *value = NULL;
> >
> >         switch (attr) {
> >         case LSM_ATTR_CURRENT:
> > --
> > 2.43.0

-- 
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ