[PATCH] fix security_release_secctx seems broken

Konstantin Khlebnikov khlebnikov at yandex-team.ru
Wed Sep 20 11:48:13 UTC 2017


On 19.09.2017 19:39, Casey Schaufler wrote:
> Subject: [PATCH] fix security_release_secctx seems broken
> 
> security_inode_getsecurity() provides the text string value
> of a security attribute. It does not provide a "secctx".
> The code in xattr_getsecurity() that calls security_inode_getsecurity()
> and then calls security_release_secctx() happened to work because
> SElinux and Smack treat the attribute and the secctx the same way.
> It fails for cap_inode_getsecurity(), because that module has no
> secctx that ever needs releasing. It turns out that Smack is the
> one that's doing things wrong by not allocating memory when instructed
> to do so by the "alloc" parameter.
> 
> The fix is simple enough. Change the security_release_secctx() to
> kfree() because it isn't a secctx being returned by
> security_inode_getsecurity(). Change Smack to allocate the string when
> told to do so.
> 
> Signed-off-by: Casey Schaufler <casey at schaufler-ca.com>

Looks good for me.

Reviewed-by: Konstantin Khlebnikov <khlebnikov at yandex-team.ru>


> 
> ---
>   fs/xattr.c                 |  2 +-
>   security/smack/smack_lsm.c | 55 +++++++++++++++++++++-------------------------
>   2 files changed, 26 insertions(+), 31 deletions(-)
> 
> diff --git a/fs/xattr.c b/fs/xattr.c
> index 4424f7fecf14..61cd28ba25f3 100644
> --- a/fs/xattr.c
> +++ b/fs/xattr.c
> @@ -250,7 +250,7 @@ xattr_getsecurity(struct inode *inode, const char *name, void *value,
>   	}
>   	memcpy(value, buffer, len);
>   out:
> -	security_release_secctx(buffer, len);
> +	kfree(buffer);
>   out_noalloc:
>   	return len;
>   }
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 319add31b4a4..286171a16ed2 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -1473,7 +1473,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
>    * @inode: the object
>    * @name: attribute name
>    * @buffer: where to put the result
> - * @alloc: unused
> + * @alloc: duplicate memory
>    *
>    * Returns the size of the attribute or an error code
>    */
> @@ -1486,43 +1486,38 @@ static int smack_inode_getsecurity(struct inode *inode,
>   	struct super_block *sbp;
>   	struct inode *ip = (struct inode *)inode;
>   	struct smack_known *isp;
> -	int ilen;
> -	int rc = 0;
>   
> -	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
> +	if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
>   		isp = smk_of_inode(inode);
> -		ilen = strlen(isp->smk_known);
> -		*buffer = isp->smk_known;
> -		return ilen;
> -	}
> +	else {
> +		/*
> +		 * The rest of the Smack xattrs are only on sockets.
> +		 */
> +		sbp = ip->i_sb;
> +		if (sbp->s_magic != SOCKFS_MAGIC)
> +			return -EOPNOTSUPP;
>   
> -	/*
> -	 * The rest of the Smack xattrs are only on sockets.
> -	 */
> -	sbp = ip->i_sb;
> -	if (sbp->s_magic != SOCKFS_MAGIC)
> -		return -EOPNOTSUPP;
> +		sock = SOCKET_I(ip);
> +		if (sock == NULL || sock->sk == NULL)
> +			return -EOPNOTSUPP;
>   
> -	sock = SOCKET_I(ip);
> -	if (sock == NULL || sock->sk == NULL)
> -		return -EOPNOTSUPP;
> -
> -	ssp = sock->sk->sk_security;
> +		ssp = sock->sk->sk_security;
>   
> -	if (strcmp(name, XATTR_SMACK_IPIN) == 0)
> -		isp = ssp->smk_in;
> -	else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
> -		isp = ssp->smk_out;
> -	else
> -		return -EOPNOTSUPP;
> +		if (strcmp(name, XATTR_SMACK_IPIN) == 0)
> +			isp = ssp->smk_in;
> +		else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
> +			isp = ssp->smk_out;
> +		else
> +			return -EOPNOTSUPP;
> +	}
>   
> -	ilen = strlen(isp->smk_known);
> -	if (rc == 0) {
> -		*buffer = isp->smk_known;
> -		rc = ilen;
> +	if (alloc) {
> +		*buffer = kstrdup(isp->smk_known, GFP_KERNEL);
> +		if (*buffer == NULL)
> +			return -ENOMEM;
>   	}
>   
> -	return rc;
> +	return strlen(isp->smk_known);
>   }
>   
>   
> 
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list