[RFC PATCH 2/3] lsm: correct error codes in security_getselfattr()
Paul Moore
paul at paul-moore.com
Tue Oct 24 21:35:28 UTC 2023
We should return -EINVAL if the user specifies LSM_FLAG_SINGLE without
supplying a valid lsm_ctx struct buffer.
Signed-off-by: Paul Moore <paul at paul-moore.com>
---
security/security.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/security.c b/security/security.c
index 9c63acded4ee..67ded406a5ea 100644
--- a/security/security.c
+++ b/security/security.c
@@ -3923,9 +3923,9 @@ int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx,
/*
* Only flag supported is LSM_FLAG_SINGLE
*/
- if (flags != LSM_FLAG_SINGLE)
+ if (flags != LSM_FLAG_SINGLE || !uctx)
return -EINVAL;
- if (uctx && copy_from_user(&lctx, uctx, sizeof(lctx)))
+ if (copy_from_user(&lctx, uctx, sizeof(lctx)))
return -EFAULT;
/*
* If the LSM ID isn't specified it is an error.
--
2.42.0
More information about the Linux-security-module-archive
mailing list