Message ID | 20231024213525.361332-6-paul@paul-moore.com (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Paul Moore |
Headers | show |
Series | LSM syscall tweaks | expand |
On 10/24/2023 2:35 PM, Paul Moore wrote: > We should return -EINVAL if the user specifies LSM_FLAG_SINGLE without > supplying a valid lsm_ctx struct buffer. > > Signed-off-by: Paul Moore <paul@paul-moore.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> > --- > security/security.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/security/security.c b/security/security.c > index 9c63acded4ee..67ded406a5ea 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -3923,9 +3923,9 @@ int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx, > /* > * Only flag supported is LSM_FLAG_SINGLE > */ > - if (flags != LSM_FLAG_SINGLE) > + if (flags != LSM_FLAG_SINGLE || !uctx) > return -EINVAL; > - if (uctx && copy_from_user(&lctx, uctx, sizeof(lctx))) > + if (copy_from_user(&lctx, uctx, sizeof(lctx))) > return -EFAULT; > /* > * If the LSM ID isn't specified it is an error.
On Tue, Oct 24, 2023 at 05:35:28PM -0400, Paul Moore wrote: > We should return -EINVAL if the user specifies LSM_FLAG_SINGLE without > supplying a valid lsm_ctx struct buffer. > > Signed-off-by: Paul Moore <paul@paul-moore.com> Reviewed-by: Mickaël Salaün <mic@digikod.net> > --- > security/security.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/security/security.c b/security/security.c > index 9c63acded4ee..67ded406a5ea 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -3923,9 +3923,9 @@ int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx, > /* > * Only flag supported is LSM_FLAG_SINGLE > */ > - if (flags != LSM_FLAG_SINGLE) > + if (flags != LSM_FLAG_SINGLE || !uctx) > return -EINVAL; > - if (uctx && copy_from_user(&lctx, uctx, sizeof(lctx))) > + if (copy_from_user(&lctx, uctx, sizeof(lctx))) > return -EFAULT; > /* > * If the LSM ID isn't specified it is an error. > -- > 2.42.0 >
diff --git a/security/security.c b/security/security.c index 9c63acded4ee..67ded406a5ea 100644 --- a/security/security.c +++ b/security/security.c @@ -3923,9 +3923,9 @@ int security_getselfattr(unsigned int attr, struct lsm_ctx __user *uctx, /* * Only flag supported is LSM_FLAG_SINGLE */ - if (flags != LSM_FLAG_SINGLE) + if (flags != LSM_FLAG_SINGLE || !uctx) return -EINVAL; - if (uctx && copy_from_user(&lctx, uctx, sizeof(lctx))) + if (copy_from_user(&lctx, uctx, sizeof(lctx))) return -EFAULT; /* * If the LSM ID isn't specified it is an error.
We should return -EINVAL if the user specifies LSM_FLAG_SINGLE without supplying a valid lsm_ctx struct buffer. Signed-off-by: Paul Moore <paul@paul-moore.com> --- security/security.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)