lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250116195526.2303758-1-ingyujang25@gmail.com>
Date: Fri, 17 Jan 2025 04:55:25 +0900
From: Ingyu Jang <ingyujang25@...il.com>
To: Paul Moore <paul@...l-moore.com>,
	Stephen Smalley <stephen.smalley.work@...il.com>,
	Ondrej Mosnacek <omosnace@...hat.com>
Cc: Ingyu Jang <ingyujang25@...il.com>,
	selinux@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [PATCH] selinux: Handle NULL return from selinux_inode in inode_security_rcu

The 'selinux_inode' function may return NULL if 'inode->i_security' is
uninitialized or if 'inode->i_security' is NULL.
Previously, this scenario was not explicitly handled in
'inode_security_rcu', which might lead to NULL Pointer dereference.

This patch modifies 'inode_security_rcu' to call 'selinux_inode' and
check its return value.
If 'selinux_inode' returns NULL, '-EACCES' is returned to ensure
consistent error handling.

Furthermore, analysis confirmed that all current usages of
'inode_security_rcu' check the return value using 'IS_ERR', ensuring
compatibility with this change.

Signed-off-by: Ingyu Jang <ingyujang25@...il.com>
---
 security/selinux/hooks.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 171dd7fceac5..61c9191bafbe 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -310,11 +310,17 @@ static struct inode_security_struct *inode_security_novalidate(struct inode *ino
 static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
 {
 	int error;
+	struct inode_security_struct *isec;
 
 	error = __inode_security_revalidate(inode, NULL, !rcu);
 	if (error)
 		return ERR_PTR(error);
-	return selinux_inode(inode);
+
+	isec = selinux_inode(inode);
+	if (!isec)
+		return ERR_PTR(-EACCES);
+
+	return isec;
 }
 
 /*
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ