diff mbox series

[RFC,2/3] lsm: correct error codes in security_getselfattr()

Message ID 20231024213525.361332-6-paul@paul-moore.com (mailing list archive)
State Accepted
Delegated to: Paul Moore
Headers show
Series LSM syscall tweaks | expand

Commit Message

Paul Moore Oct. 24, 2023, 9:35 p.m. UTC
We should return -EINVAL if the user specifies LSM_FLAG_SINGLE without
supplying a valid lsm_ctx struct buffer.

Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 security/security.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Casey Schaufler Oct. 24, 2023, 10:23 p.m. UTC | #1
On 10/24/2023 2:35 PM, Paul Moore wrote:
> We should return -EINVAL if the user specifies LSM_FLAG_SINGLE without
> supplying a valid lsm_ctx struct buffer.
>
> Signed-off-by: Paul Moore <paul@paul-moore.com>

Acked-by: Casey Schaufler <casey@schaufler-ca.com>

> ---
>  security/security.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/security/security.c b/security/security.c
> index 9c63acded4ee..67ded406a5ea 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -3923,9 +3923,9 @@ int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx,
>  		/*
>  		 * Only flag supported is LSM_FLAG_SINGLE
>  		 */
> -		if (flags != LSM_FLAG_SINGLE)
> +		if (flags != LSM_FLAG_SINGLE || !uctx)
>  			return -EINVAL;
> -		if (uctx && copy_from_user(&lctx, uctx, sizeof(lctx)))
> +		if (copy_from_user(&lctx, uctx, sizeof(lctx)))
>  			return -EFAULT;
>  		/*
>  		 * If the LSM ID isn't specified it is an error.
Mickaël Salaün Oct. 26, 2023, 3 p.m. UTC | #2
On Tue, Oct 24, 2023 at 05:35:28PM -0400, Paul Moore wrote:
> We should return -EINVAL if the user specifies LSM_FLAG_SINGLE without
> supplying a valid lsm_ctx struct buffer.
> 
> Signed-off-by: Paul Moore <paul@paul-moore.com>

Reviewed-by: Mickaël Salaün <mic@digikod.net>

> ---
>  security/security.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/security/security.c b/security/security.c
> index 9c63acded4ee..67ded406a5ea 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -3923,9 +3923,9 @@ int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx,
>  		/*
>  		 * Only flag supported is LSM_FLAG_SINGLE
>  		 */
> -		if (flags != LSM_FLAG_SINGLE)
> +		if (flags != LSM_FLAG_SINGLE || !uctx)
>  			return -EINVAL;
> -		if (uctx && copy_from_user(&lctx, uctx, sizeof(lctx)))
> +		if (copy_from_user(&lctx, uctx, sizeof(lctx)))
>  			return -EFAULT;
>  		/*
>  		 * If the LSM ID isn't specified it is an error.
> -- 
> 2.42.0
>
diff mbox series

Patch

diff --git a/security/security.c b/security/security.c
index 9c63acded4ee..67ded406a5ea 100644
--- a/security/security.c
+++ b/security/security.c
@@ -3923,9 +3923,9 @@  int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx,
 		/*
 		 * Only flag supported is LSM_FLAG_SINGLE
 		 */
-		if (flags != LSM_FLAG_SINGLE)
+		if (flags != LSM_FLAG_SINGLE || !uctx)
 			return -EINVAL;
-		if (uctx && copy_from_user(&lctx, uctx, sizeof(lctx)))
+		if (copy_from_user(&lctx, uctx, sizeof(lctx)))
 			return -EFAULT;
 		/*
 		 * If the LSM ID isn't specified it is an error.