| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d2019823-4500-499a-8368-76c50a582f47@schaufler-ca.com> Date: Fri, 14 Mar 2025 10:26:34 -0700 From: Casey Schaufler <casey@...aufler-ca.com> To: Florian Westphal <fw@...len.de> Cc: Chenyuan Yang <chenyuan0y@...il.com>, netfilter-devel@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org, Casey Schaufler <casey@...aufler-ca.com> Subject: Re: [PATCH] net: Initialize ctx to avoid memory allocation error On 3/14/2025 9:47 AM, Florian Westphal wrote: > Casey Schaufler <casey@...aufler-ca.com> wrote: >> If seclen is 0 it implies that there is no security context and that >> the secctx is NULL. How that is handled in the release function is up >> to the LSM. SELinux allocates secctx data, while Smack points to an >> entry in a persistent table. >> >>> seclen needs to be > 0 or no secinfo is passed to userland, >>> yet the secctx release function is called anyway. >> That is correct. The security module is responsible for handling >> the release of secctx correctly. >> >>> Should seclen be initialised to -1? Or we need the change below too? >> No. The security modules handle secctx their own way. > Well, as-is security_release_secctx() can be called with garbage ctx; > seclen is inited to 0, but ctx is not initialized unconditionally. Which isn't an issue for any existing security module.
Powered by blists - more mailing lists