[RFC PATCH 2/3] lsm: correct error codes in security_getselfattr()
Mickaël Salaün
mic at digikod.net
Thu Oct 26 15:00:27 UTC 2023
On Tue, Oct 24, 2023 at 05:35:28PM -0400, Paul Moore wrote:
> We should return -EINVAL if the user specifies LSM_FLAG_SINGLE without
> supplying a valid lsm_ctx struct buffer.
>
> Signed-off-by: Paul Moore <paul at paul-moore.com>
Reviewed-by: Mickaël Salaün <mic at digikod.net>
> ---
> security/security.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/security/security.c b/security/security.c
> index 9c63acded4ee..67ded406a5ea 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -3923,9 +3923,9 @@ int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx,
> /*
> * Only flag supported is LSM_FLAG_SINGLE
> */
> - if (flags != LSM_FLAG_SINGLE)
> + if (flags != LSM_FLAG_SINGLE || !uctx)
> return -EINVAL;
> - if (uctx && copy_from_user(&lctx, uctx, sizeof(lctx)))
> + if (copy_from_user(&lctx, uctx, sizeof(lctx)))
> return -EFAULT;
> /*
> * If the LSM ID isn't specified it is an error.
> --
> 2.42.0
>
More information about the Linux-security-module-archive
mailing list