Message-Id: <20200824.160847.2223520902285907820.davem@davemloft.net>
Date:   Mon, 24 Aug 2020 16:08:47 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     paul@...l-moore.com
Cc:     netdev@...r.kernel.org, linux-security-module@...r.kernel.org,
        selinux@...r.kernel.org, stephen.smalley.work@...il.com
Subject: Re: [net PATCH] netlabel: fix problems with mapping removal

From: Paul Moore <paul@...l-moore.com>
Date: Fri, 21 Aug 2020 16:34:52 -0400

> This patch fixes two main problems seen when removing NetLabel
> mappings: memory leaks and potentially extra audit noise.
> 
> The memory leaks are caused by not properly free'ing the mapping's
> address selector struct when free'ing the entire entry as well as
> not properly cleaning up a temporary mapping entry when adding new
> address selectors to an existing entry.  This patch fixes both these
> problems such that kmemleak reports no NetLabel associated leaks
> after running the SELinux test suite.
> 
> The potentially extra audit noise was caused by the auditing code in
> netlbl_domhsh_remove_entry() being called regardless of the entry's
> validity.  If another thread had already marked the entry as invalid,
> but not removed/free'd it from the list of mappings, then it was
> possible that an additional mapping removal audit record would be
> generated.  This patch fixes this by returning early from the removal
> function when the entry was previously marked invalid.  This change
> also had the side benefit of improving the code by decreasing the
> indentation level of a large chunk of code by one (accounting for most
> of the diffstat).
> 
> Fixes: 63c416887437 ("netlabel: Add network address selectors to the NetLabel/LSM domain mapping")
> Reported-by: Stephen Smalley <stephen.smalley.work@...il.com>
> Signed-off-by: Paul Moore <paul@...l-moore.com>

Applied and queued up for -stable, thanks Paul.
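
The two behaviours the quoted commit message describes (freeing an entry also frees its address selectors, and removal returns early once the entry is marked invalid so only one audit record is produced), as an added example that is not part of the original message or the kernel patch. It is a userspace C model: every struct and function name, both counters, and the -ENOENT return value are assumptions, and the locking real code needs around the check-and-clear is omitted.

```c
/* Userspace model, not kernel code; every name here is hypothetical. */
#include <errno.h>
#include <stdlib.h>

struct addr_sel { struct addr_sel *next; };
struct map_entry { int valid; struct addr_sel *addrs; };
static int live_allocs;    /* outstanding allocations (stand-in for kmemleak) */
static int audit_records;  /* removal audit records emitted */

static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

struct map_entry *entry_new(int n_addrs) {
    struct map_entry *e = xalloc(sizeof(*e));
    if (!e) return NULL;
    e->valid = 1;
    while (n_addrs-- > 0) {
        struct addr_sel *a = xalloc(sizeof(*a));
        if (!a) break;
        a->next = e->addrs;
        e->addrs = a;
    }
    return e;
}

/* Free the entry and what it owns; skipping the selector list is the leak. */
void entry_free(struct map_entry *e) {
    if (!e) return;
    while (e->addrs) {
        struct addr_sel *a = e->addrs;
        e->addrs = a->next;
        xfree(a);
    }
    xfree(e);
}

/* Only the caller that flips valid 1 -> 0 audits; later callers return early. */
int entry_remove(struct map_entry *e) {
    if (!e || !e->valid) return -ENOENT;
    e->valid = 0;
    audit_records++;
    return 0;
}

int main(void) {
    struct map_entry *e = entry_new(3);
    int first = entry_remove(e), second = entry_remove(e);
    entry_free(e);
    return !(first == 0 && second == -ENOENT && audit_records == 1 && live_allocs == 0);
}
```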
