NetLabel: better error handling involving mls_export_cat()
Upon inspection it looked like the error handling for mls_export_cat() was rather poor. This patch addresses this by NULL'ing out kfree()'d pointers before returning and checking the return value of the function everywhere it is called. Signed-off-by: Paul Moore <paul.moore@hp.com> Signed-off-by: James Morris <jmorris@namei.org>
parent
044a68ed8a
commit
bf0edf3929
3 changed files with 30 additions and 13 deletions
|
@ -93,11 +93,15 @@ int ebitmap_export(const struct ebitmap *src,
|
||||||
size_t bitmap_byte;
|
size_t bitmap_byte;
|
||||||
unsigned char bitmask;
|
unsigned char bitmask;
|
||||||
|
|
||||||
|
if (src->highbit == 0) {
|
||||||
|
*dst = NULL;
|
||||||
|
*dst_len = 0;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
bitmap_len = src->highbit / 8;
|
bitmap_len = src->highbit / 8;
|
||||||
if (src->highbit % 7)
|
if (src->highbit % 7)
|
||||||
bitmap_len += 1;
|
bitmap_len += 1;
|
||||||
if (bitmap_len == 0)
|
|
||||||
return -EINVAL;
|
|
||||||
|
|
||||||
bitmap = kzalloc((bitmap_len & ~(sizeof(MAPTYPE) - 1)) +
|
bitmap = kzalloc((bitmap_len & ~(sizeof(MAPTYPE) - 1)) +
|
||||||
sizeof(MAPTYPE),
|
sizeof(MAPTYPE),
|
||||||
|
|
|
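Review bot: The round-up test `if (src->highbit % 7)` in ebitmap_export() looks like it was meant to be `% 8`, because `bitmap_len` is a byte count computed from `src->highbit / 8`. As written, a highbit that is a multiple of 7 but not of 8 gets an undercounted length. Since this commit replaces the `bitmap_len == 0` guard with the `highbit == 0` early return, a value such as 7 would now continue with a zero length instead of returning -EINVAL. Whether such values can occur depends on how highbit is maintained, which is not visible here. I would change the line to `if (src->highbit % 8)`; the body of ebitmap_export() starts before and continues after this hunk.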
@ -640,8 +640,13 @@ int mls_export_cat(const struct context *context,
|
||||||
{
|
{
|
||||||
int rc = -EPERM;
|
int rc = -EPERM;
|
||||||
|
|
||||||
if (!selinux_mls_enabled)
|
if (!selinux_mls_enabled) {
|
||||||
|
*low = NULL;
|
||||||
|
*low_len = 0;
|
||||||
|
*high = NULL;
|
||||||
|
*high_len = 0;
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
if (low != NULL) {
|
if (low != NULL) {
|
||||||
rc = ebitmap_export(&context->range.level[0].cat,
|
rc = ebitmap_export(&context->range.level[0].cat,
|
||||||
|
@ -661,10 +666,16 @@ int mls_export_cat(const struct context *context,
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
export_cat_failure:
|
export_cat_failure:
|
||||||
if (low != NULL)
|
if (low != NULL) {
|
||||||
kfree(*low);
|
kfree(*low);
|
||||||
if (high != NULL)
|
*low = NULL;
|
||||||
|
*low_len = 0;
|
||||||
|
}
|
||||||
|
if (high != NULL) {
|
||||||
kfree(*high);
|
kfree(*high);
|
||||||
|
*high = NULL;
|
||||||
|
*high_len = 0;
|
||||||
|
}
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
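Review bot: The new `!selinux_mls_enabled` block in mls_export_cat() writes through `low`, `low_len`, `high` and `high_len` without checking them, although the rest of the function treats `low` and `high` as optional (`if (low != NULL)`, `if (high != NULL)`). The selinux_netlbl_socket_setsid() call updated in this same commit passes NULL for both high arguments, so with MLS disabled this path dereferences a NULL pointer in kernel context. The assignments should sit behind the same NULL guards the export_cat_failure path uses, as below. The function's parameter list and the middle of its body are outside the visible hunks.

```c
	if (!selinux_mls_enabled) {
		if (low != NULL) {
			*low = NULL;
			*low_len = 0;
		}
		if (high != NULL) {
			*high = NULL;
			*high_len = 0;
		}
		return 0;
	}
	/* … unchanged: ebitmap_export() calls and export_cat_failure cleanup … */
```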
@ -2399,31 +2399,33 @@ static int selinux_netlbl_socket_setsid(struct socket *sock, u32 sid)
|
||||||
if (!ss_initialized)
|
if (!ss_initialized)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
netlbl_secattr_init(&secattr);
|
||||||
|
|
||||||
POLICY_RDLOCK;
|
POLICY_RDLOCK;
|
||||||
|
|
||||||
ctx = sidtab_search(&sidtab, sid);
|
ctx = sidtab_search(&sidtab, sid);
|
||||||
if (ctx == NULL)
|
if (ctx == NULL)
|
||||||
goto netlbl_socket_setsid_return;
|
goto netlbl_socket_setsid_return;
|
||||||
|
|
||||||
netlbl_secattr_init(&secattr);
|
|
||||||
secattr.domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],
|
secattr.domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1],
|
||||||
GFP_ATOMIC);
|
GFP_ATOMIC);
|
||||||
mls_export_lvl(ctx, &secattr.mls_lvl, NULL);
|
mls_export_lvl(ctx, &secattr.mls_lvl, NULL);
|
||||||
secattr.mls_lvl_vld = 1;
|
secattr.mls_lvl_vld = 1;
|
||||||
mls_export_cat(ctx,
|
rc = mls_export_cat(ctx,
|
||||||
&secattr.mls_cat,
|
&secattr.mls_cat,
|
||||||
&secattr.mls_cat_len,
|
&secattr.mls_cat_len,
|
||||||
NULL,
|
NULL,
|
||||||
NULL);
|
NULL);
|
||||||
|
if (rc != 0)
|
||||||
|
goto netlbl_socket_setsid_return;
|
||||||
|
|
||||||
rc = netlbl_socket_setattr(sock, &secattr);
|
rc = netlbl_socket_setattr(sock, &secattr);
|
||||||
if (rc == 0)
|
if (rc == 0)
|
||||||
sksec->nlbl_state = NLBL_LABELED;
|
sksec->nlbl_state = NLBL_LABELED;
|
||||||
|
|
||||||
netlbl_secattr_destroy(&secattr);
|
|
||||||
|
|
||||||
netlbl_socket_setsid_return:
|
netlbl_socket_setsid_return:
|
||||||
POLICY_RDUNLOCK;
|
POLICY_RDUNLOCK;
|
||||||
|
netlbl_secattr_destroy(&secattr);
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
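Review bot: The `kstrdup(..., GFP_ATOMIC)` result stored in `secattr.domain` is still used unchecked in selinux_netlbl_socket_setsid(), even though this commit otherwise tightens the function's error handling. An atomic allocation can fail, and netlbl_socket_setattr() would then receive a NULL domain; how it treats that is not visible here. Because netlbl_secattr_destroy() now runs after the `netlbl_socket_setsid_return` label, a check right after the kstrdup() would clean up correctly: `if (secattr.domain == NULL) { rc = -ENOMEM; goto netlbl_socket_setsid_return; }`. The function's declarations and the initial value of `rc` are outside the hunk.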