diff options
| author | Paul Moore <paul@paul-moore.com> | 2024-10-25 11:21:29 -0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-11-08 16:19:22 +0100 |
| commit | acc599ee46881a9d377c33e7848e6bb2d97ef862 (patch) | |
| tree | 1f68610d82010220da1fa777b84f877584c3060b | |
| parent | 7abd221a55a61b6b2bf0e80f850bfc0ae75c7e01 (diff) | |
| download | linux-stable-acc599ee46881a9d377c33e7848e6bb2d97ef862.tar.gz linux-stable-acc599ee46881a9d377c33e7848e6bb2d97ef862.tar.bz2 linux-stable-acc599ee46881a9d377c33e7848e6bb2d97ef862.zip | |
selinux: improve error checking in sel_write_load()
[ Upstream commit 42c773238037c90b3302bf37a57ae3b5c3f6004a ]
Move our existing input sanity checking to the top of sel_write_load()
and add a check to ensure the buffer size is non-zero.
Move a local variable initialization from the declaration to before it
is used.
Minor style adjustments.
Reported-by: Sam Sun <samsun1006219@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
[cascardo: keep fsi initialization at its declaration point as it is used earlier]
[cascardo: keep check for 64MiB size limit]
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
| -rw-r--r-- | security/selinux/selinuxfs.c | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 60b3f16bb5c7..c35aab9f2447 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -536,6 +536,16 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf, ssize_t length; void *data = NULL; + /* no partial writes */ + if (*ppos) + return -EINVAL; + /* no empty policies */ + if (!count) + return -EINVAL; + + if (count > 64 * 1024 * 1024) + return -EFBIG; + mutex_lock(&fsi->mutex); length = avc_has_perm(&selinux_state, @@ -544,23 +554,15 @@ static ssize_t sel_write_load(struct file *file, const char __user *buf, if (length) goto out; - /* No partial writes. */ - length = -EINVAL; - if (*ppos != 0) - goto out; - - length = -EFBIG; - if (count > 64 * 1024 * 1024) - goto out; - - length = -ENOMEM; data = vmalloc(count); - if (!data) + if (!data) { + length = -ENOMEM; goto out; - - length = -EFAULT; - if (copy_from_user(data, buf, count) != 0) + } + if (copy_from_user(data, buf, count) != 0) { + length = -EFAULT; goto out; + } length = security_load_policy(fsi->state, data, count); if (length) { @@ -579,6 +581,7 @@ out1: "auid=%u ses=%u lsm=selinux res=1", from_kuid(&init_user_ns, audit_get_loginuid(current)), audit_get_sessionid(current)); + out: mutex_unlock(&fsi->mutex); vfree(data); |