From patchwork Thu Feb 9 17:11:27 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Colin King X-Patchwork-Id: 9565233 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 3C90D601C3 for ; Thu, 9 Feb 2017 17:16:37 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2CCB628541 for ; Thu, 9 Feb 2017 17:16:37 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2168F28544; Thu, 9 Feb 2017 17:16:37 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C416828541 for ; Thu, 9 Feb 2017 17:16:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754188AbdBIRPw (ORCPT ); Thu, 9 Feb 2017 12:15:52 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:55290 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752038AbdBIROi (ORCPT ); Thu, 9 Feb 2017 12:14:38 -0500 Received: from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from ) id 1cbsHE-0000tT-O5; Thu, 09 Feb 2017 17:13:00 +0000 From: Colin King To: Casey Schaufler , James Morris , "Serge E . Hally" , linux-security-module@vger.kernel.org Cc: kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH][V2] Smack: fix a dereference before null check on sock->sk Date: Thu, 9 Feb 2017 17:11:27 +0000 Message-Id: <20170209171127.5029-1-colin.king@canonical.com> X-Mailer: git-send-email 2.10.2 MIME-Version: 1.0 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Colin Ian King The initialisation of pointer ssp is from a dereference on sock->sk before sock-sk is null checked, hence there is a potential for a null pointer deference. Fix this by moving the assignment of ssp to just before it is used in the call to smk_ipv6_check. Also minor clean up of code to reduce #ifdef noise. Detected with CoverityScan, CID#1324196 ("Dereference before null check") Signed-off-by: Colin Ian King --- security/smack/smack_lsm.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index fc8fb31..0c5656d 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2897,10 +2897,6 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, #if IS_ENABLED(CONFIG_IPV6) struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; #endif -#ifdef SMACK_IPV6_SECMARK_LABELING - struct smack_known *rsp; - struct socket_smack *ssp = sock->sk->sk_security; -#endif if (sock->sk == NULL) return 0; @@ -2915,10 +2911,17 @@ static int smack_socket_connect(struct socket *sock, struct sockaddr *sap, if (addrlen < sizeof(struct sockaddr_in6)) return -EINVAL; #ifdef SMACK_IPV6_SECMARK_LABELING - rsp = smack_ipv6host_label(sip); - if (rsp != NULL) - rc = smk_ipv6_check(ssp->smk_out, rsp, sip, - SMK_CONNECTING); + { + struct smack_known *rsp = smack_ipv6host_label(sip); + + if (rsp != NULL) { + struct socket_smack *ssp = + sock->sk->sk_security; + + rc = smk_ipv6_check(ssp->smk_out, rsp, sip, + SMK_CONNECTING); + } + } #endif #ifdef SMACK_IPV6_PORT_LABELING rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);