[PATCH] reiserfs: Initialize sec->length in reiserfs_security_init().
Paul Moore
paul at paul-moore.com
Thu May 25 21:49:28 UTC 2023
On Sat, May 20, 2023 at 3:47 PM Paul Moore <paul at paul-moore.com> wrote:
> On Thu, May 11, 2023 at 10:49 AM Tetsuo Handa
> <penguin-kernel at i-love.sakura.ne.jp> wrote:
> >
> > syzbot is reporting that sec->length is not initialized.
> >
> > Since security_inode_init_security() returns 0 when initxattrs is provided
> > but call_int_hook(inode_init_security) returned -EOPNOTSUPP, control will
> > reach to "if (sec->length && ...) {" without initializing sec->length.
> >
> > Reported-by: syzbot <syzbot+00a3779539a23cbee38c at syzkaller.appspotmail.com>
> > Closes: https://syzkaller.appspot.com/bug?extid=00a3779539a23cbee38c
> > Signed-off-by: Tetsuo Handa <penguin-kernel at I-love.SAKURA.ne.jp>
> > Fixes: 52ca4b6435a4 ("reiserfs: Switch to security_inode_init_security()")
> > ---
> > fs/reiserfs/xattr_security.c | 1 +
> > 1 file changed, 1 insertion(+)
>
> Adding the LSM list to the CC line.
I haven't seen any objections, and it looks reasonable to me so I've
gone ahead and merged it into lsm/next. This is arguably
lsm/stable-6.4 material, but I'm going to stick with lsm/next in hopes
that Roberto can resolve the other reiserfs issue and we can push all
the reiser fixes up to Linus in one shot.
The reality is that LSM xattrs have been broken on reiserfs for a long
time and no one has complained, I figure a few more weeks isn't going
to matter that much.
Regardless, thanks for digging into this syzbot failure and sending a patch.
> > diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c
> > index 6e0a099dd788..078dd8cc312f 100644
> > --- a/fs/reiserfs/xattr_security.c
> > +++ b/fs/reiserfs/xattr_security.c
> > @@ -67,6 +67,7 @@ int reiserfs_security_init(struct inode *dir, struct inode *inode,
> >
> > sec->name = NULL;
> > sec->value = NULL;
> > + sec->length = 0;
> >
> > /* Don't add selinux attributes on xattrs - they'll never get used */
> > if (IS_PRIVATE(dir))
> > --
> > 2.18.4
--
paul-moore.com
More information about the Linux-security-module-archive
mailing list