[RFC PATCH 2/3] lsm: correct error codes in security_getselfattr()

Paul Moore paul at paul-moore.com
Tue Oct 24 21:35:28 UTC 2023


We should return -EINVAL if the user specifies LSM_FLAG_SINGLE without
supplying a valid lsm_ctx struct buffer.

Signed-off-by: Paul Moore <paul at paul-moore.com>
---
 security/security.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/security.c b/security/security.c
index 9c63acded4ee..67ded406a5ea 100644
--- a/security/security.c
+++ b/security/security.c
@@ -3923,9 +3923,9 @@ int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx,
 		/*
 		 * Only flag supported is LSM_FLAG_SINGLE
 		 */
-		if (flags != LSM_FLAG_SINGLE)
+		if (flags != LSM_FLAG_SINGLE || !uctx)
 			return -EINVAL;
-		if (uctx && copy_from_user(&lctx, uctx, sizeof(lctx)))
+		if (copy_from_user(&lctx, uctx, sizeof(lctx)))
 			return -EFAULT;
 		/*
 		 * If the LSM ID isn't specified it is an error.
-- 
2.42.0



More information about the Linux-security-module-archive mailing list