Commit bf0edf39 authored by Paul Moore's avatar Paul Moore Committed by David S. Miller

NetLabel: better error handling involving mls_export_cat()

Upon inspection it looked like the error handling for mls_export_cat() was
rather poor.  This patch addresses this by NULL'ing out kfree()'d pointers
before returning and checking the return value of the function everywhere
it is called.
Signed-off-by: default avatarPaul Moore <paul.moore@hp.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 044a68ed
...@@ -93,11 +93,15 @@ int ebitmap_export(const struct ebitmap *src, ...@@ -93,11 +93,15 @@ int ebitmap_export(const struct ebitmap *src,
size_t bitmap_byte; size_t bitmap_byte;
unsigned char bitmask; unsigned char bitmask;
if (src->highbit == 0) {
*dst = NULL;
*dst_len = 0;
return 0;
}
bitmap_len = src->highbit / 8; bitmap_len = src->highbit / 8;
if (src->highbit % 7) if (src->highbit % 7)
bitmap_len += 1; bitmap_len += 1;
if (bitmap_len == 0)
return -EINVAL;
bitmap = kzalloc((bitmap_len & ~(sizeof(MAPTYPE) - 1)) + bitmap = kzalloc((bitmap_len & ~(sizeof(MAPTYPE) - 1)) +
sizeof(MAPTYPE), sizeof(MAPTYPE),
......
...@@ -640,8 +640,13 @@ int mls_export_cat(const struct context *context, ...@@ -640,8 +640,13 @@ int mls_export_cat(const struct context *context,
{ {
int rc = -EPERM; int rc = -EPERM;
if (!selinux_mls_enabled) if (!selinux_mls_enabled) {
*low = NULL;
*low_len = 0;
*high = NULL;
*high_len = 0;
return 0; return 0;
}
if (low != NULL) { if (low != NULL) {
rc = ebitmap_export(&context->range.level[0].cat, rc = ebitmap_export(&context->range.level[0].cat,
...@@ -661,10 +666,16 @@ int mls_export_cat(const struct context *context, ...@@ -661,10 +666,16 @@ int mls_export_cat(const struct context *context,
return 0; return 0;
export_cat_failure: export_cat_failure:
if (low != NULL) if (low != NULL) {
kfree(*low); kfree(*low);
if (high != NULL) *low = NULL;
*low_len = 0;
}
if (high != NULL) {
kfree(*high); kfree(*high);
*high = NULL;
*high_len = 0;
}
return rc; return rc;
} }
......
...@@ -2399,31 +2399,33 @@ static int selinux_netlbl_socket_setsid(struct socket *sock, u32 sid) ...@@ -2399,31 +2399,33 @@ static int selinux_netlbl_socket_setsid(struct socket *sock, u32 sid)
if (!ss_initialized) if (!ss_initialized)
return 0; return 0;
netlbl_secattr_init(&secattr);
POLICY_RDLOCK; POLICY_RDLOCK;
ctx = sidtab_search(&sidtab, sid); ctx = sidtab_search(&sidtab, sid);
if (ctx == NULL) if (ctx == NULL)
goto netlbl_socket_setsid_return; goto netlbl_socket_setsid_return;
netlbl_secattr_init(&secattr);
secattr.domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1], secattr.domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],
GFP_ATOMIC); GFP_ATOMIC);
mls_export_lvl(ctx, &secattr.mls_lvl, NULL); mls_export_lvl(ctx, &secattr.mls_lvl, NULL);
secattr.mls_lvl_vld = 1; secattr.mls_lvl_vld = 1;
mls_export_cat(ctx, rc = mls_export_cat(ctx,
&secattr.mls_cat, &secattr.mls_cat,
&secattr.mls_cat_len, &secattr.mls_cat_len,
NULL, NULL,
NULL); NULL);
if (rc != 0)
goto netlbl_socket_setsid_return;
rc = netlbl_socket_setattr(sock, &secattr); rc = netlbl_socket_setattr(sock, &secattr);
if (rc == 0) if (rc == 0)
sksec->nlbl_state = NLBL_LABELED; sksec->nlbl_state = NLBL_LABELED;
netlbl_secattr_destroy(&secattr);
netlbl_socket_setsid_return: netlbl_socket_setsid_return:
POLICY_RDUNLOCK; POLICY_RDUNLOCK;
netlbl_secattr_destroy(&secattr);
return rc; return rc;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment