* [PATCH] apparmor: Fix error cod in __aa_fs_profile_mkdir()
@ 2017-05-23 14:33 ` Dan Carpenter
0 siblings, 0 replies; 8+ messages in thread
From: Dan Carpenter @ 2017-05-23 14:33 UTC (permalink / raw)
To: linux-security-module
We can either return PTR_ERR(NULL) or a PTR_ERR(a valid pointer) here.
Returning NULL is probably not good, but since this happens at boot
then we are probably already toasted if we were to hit this bug in real
life. In other words, it seems like a very low severity bug to me.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 4f6ac9dbc65d..18f0d105084d 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -728,8 +728,10 @@ int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
- if (!profile->dirname)
- goto fail;
+ if (!profile->dirname) {
+ error = -ENOMEM;
+ goto fail2;
+ }
mangle_name(profile->base.name, profile->dirname);
sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH] apparmor: Fix error cod in __aa_fs_profile_mkdir()
@ 2017-05-23 14:33 ` Dan Carpenter
0 siblings, 0 replies; 8+ messages in thread
From: Dan Carpenter @ 2017-05-23 14:33 UTC (permalink / raw)
To: linux-security-module
We can either return PTR_ERR(NULL) or a PTR_ERR(a valid pointer) here.
Returning NULL is probably not good, but since this happens at boot
then we are probably already toasted if we were to hit this bug in real
life. In other words, it seems like a very low severity bug to me.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 4f6ac9dbc65d..18f0d105084d 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -728,8 +728,10 @@ int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
- if (!profile->dirname)
- goto fail;
+ if (!profile->dirname) {
+ error = -ENOMEM;
+ goto fail2;
+ }
mangle_name(profile->base.name, profile->dirname);
sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] apparmor: Fix error cod in __aa_fs_profile_mkdir()
2017-05-23 14:33 ` Dan Carpenter
@ 2017-05-23 15:19 ` walter harms
-1 siblings, 0 replies; 8+ messages in thread
From: walter harms @ 2017-05-23 15:19 UTC (permalink / raw)
To: linux-security-module
Am 23.05.2017 16:33, schrieb Dan Carpenter:
> We can either return PTR_ERR(NULL) or a PTR_ERR(a valid pointer) here.
> Returning NULL is probably not good, but since this happens at boot
> then we are probably already toasted if we were to hit this bug in real
> life. In other words, it seems like a very low severity bug to me.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index 4f6ac9dbc65d..18f0d105084d 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -728,8 +728,10 @@ int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
> id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
>
> profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
> - if (!profile->dirname)
> - goto fail;
> + if (!profile->dirname) {
> + error = -ENOMEM;
> + goto fail2;
> + }
>
> mangle_name(profile->base.name, profile->dirname);
> sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
Can mangle_name made to return a propper string ?
IFF this can be reduced to
profile->dirname =kasprintf(GFP_KERNEL,"%s.%ld",mangle_name(),profile->ns->uniq_id);
if (!profile->dirname) ....
just a hint.
re,
wh
> --
> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH] apparmor: Fix error cod in __aa_fs_profile_mkdir()
@ 2017-05-23 15:19 ` walter harms
0 siblings, 0 replies; 8+ messages in thread
From: walter harms @ 2017-05-23 15:19 UTC (permalink / raw)
To: linux-security-module
Am 23.05.2017 16:33, schrieb Dan Carpenter:
> We can either return PTR_ERR(NULL) or a PTR_ERR(a valid pointer) here.
> Returning NULL is probably not good, but since this happens at boot
> then we are probably already toasted if we were to hit this bug in real
> life. In other words, it seems like a very low severity bug to me.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index 4f6ac9dbc65d..18f0d105084d 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -728,8 +728,10 @@ int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
> id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
>
> profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
> - if (!profile->dirname)
> - goto fail;
> + if (!profile->dirname) {
> + error = -ENOMEM;
> + goto fail2;
> + }
>
> mangle_name(profile->base.name, profile->dirname);
> sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
Can mangle_name made to return a propper string ?
IFF this can be reduced to
profile->dirname =kasprintf(GFP_KERNEL,"%s.%ld",mangle_name(),profile->ns->uniq_id);
if (!profile->dirname) ....
just a hint.
re,
wh
> --
> To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] apparmor: Fix error cod in __aa_fs_profile_mkdir()
2017-05-23 14:33 ` Dan Carpenter
@ 2017-05-23 18:38 ` John Johansen
-1 siblings, 0 replies; 8+ messages in thread
From: John Johansen @ 2017-05-23 18:38 UTC (permalink / raw)
To: linux-security-module
On 05/23/2017 07:33 AM, Dan Carpenter wrote:
> We can either return PTR_ERR(NULL) or a PTR_ERR(a valid pointer) here.
> Returning NULL is probably not good, but since this happens at boot
> then we are probably already toasted if we were to hit this bug in real
> life. In other words, it seems like a very low severity bug to me.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
yep,
Acked-by: John Johansen <john.johansen@canonical.com>
and puled into my tree
>
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index 4f6ac9dbc65d..18f0d105084d 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -728,8 +728,10 @@ int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
> id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
>
> profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
> - if (!profile->dirname)
> - goto fail;
> + if (!profile->dirname) {
> + error = -ENOMEM;
> + goto fail2;
> + }
>
> mangle_name(profile->base.name, profile->dirname);
> sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH] apparmor: Fix error cod in __aa_fs_profile_mkdir()
@ 2017-05-23 18:38 ` John Johansen
0 siblings, 0 replies; 8+ messages in thread
From: John Johansen @ 2017-05-23 18:38 UTC (permalink / raw)
To: linux-security-module
On 05/23/2017 07:33 AM, Dan Carpenter wrote:
> We can either return PTR_ERR(NULL) or a PTR_ERR(a valid pointer) here.
> Returning NULL is probably not good, but since this happens at boot
> then we are probably already toasted if we were to hit this bug in real
> life. In other words, it seems like a very low severity bug to me.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
yep,
Acked-by: John Johansen <john.johansen@canonical.com>
and puled into my tree
>
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index 4f6ac9dbc65d..18f0d105084d 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -728,8 +728,10 @@ int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
> id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
>
> profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
> - if (!profile->dirname)
> - goto fail;
> + if (!profile->dirname) {
> + error = -ENOMEM;
> + goto fail2;
> + }
>
> mangle_name(profile->base.name, profile->dirname);
> sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
>
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] apparmor: Fix error cod in __aa_fs_profile_mkdir()
2017-05-23 15:19 ` walter harms
@ 2017-05-23 18:51 ` John Johansen
-1 siblings, 0 replies; 8+ messages in thread
From: John Johansen @ 2017-05-23 18:51 UTC (permalink / raw)
To: linux-security-module
On 05/23/2017 08:19 AM, walter harms wrote:
>
>
> Am 23.05.2017 16:33, schrieb Dan Carpenter:
>> We can either return PTR_ERR(NULL) or a PTR_ERR(a valid pointer) here.
>> Returning NULL is probably not good, but since this happens at boot
>> then we are probably already toasted if we were to hit this bug in real
>> life. In other words, it seems like a very low severity bug to me.
>>
>> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>>
>> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
>> index 4f6ac9dbc65d..18f0d105084d 100644
>> --- a/security/apparmor/apparmorfs.c
>> +++ b/security/apparmor/apparmorfs.c
>> @@ -728,8 +728,10 @@ int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
>> id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
>>
>> profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
>> - if (!profile->dirname)
>> - goto fail;
>> + if (!profile->dirname) {
>> + error = -ENOMEM;
>> + goto fail2;
>> + }
>>
>> mangle_name(profile->base.name, profile->dirname);
>> sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
>
> Can mangle_name made to return a propper string ?
> IFF this can be reduced to
> profile->dirname =kasprintf(GFP_KERNEL,"%s.%ld",mangle_name(),profile->ns->uniq_id);
> if (!profile->dirname) ....
>
> just a hint.
>
something of the sort could be done, but you would need to track the allocation returned
from mangle_name so that it can be freed. But we can take this whole sequence and shove
it into mangle_name and have it do the allocation, and return a string. It would clean
things up. I'll cons together a patch for the next pull request.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH] apparmor: Fix error cod in __aa_fs_profile_mkdir()
@ 2017-05-23 18:51 ` John Johansen
0 siblings, 0 replies; 8+ messages in thread
From: John Johansen @ 2017-05-23 18:51 UTC (permalink / raw)
To: linux-security-module
On 05/23/2017 08:19 AM, walter harms wrote:
>
>
> Am 23.05.2017 16:33, schrieb Dan Carpenter:
>> We can either return PTR_ERR(NULL) or a PTR_ERR(a valid pointer) here.
>> Returning NULL is probably not good, but since this happens at boot
>> then we are probably already toasted if we were to hit this bug in real
>> life. In other words, it seems like a very low severity bug to me.
>>
>> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>>
>> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
>> index 4f6ac9dbc65d..18f0d105084d 100644
>> --- a/security/apparmor/apparmorfs.c
>> +++ b/security/apparmor/apparmorfs.c
>> @@ -728,8 +728,10 @@ int __aa_fs_profile_mkdir(struct aa_profile *profile, struct dentry *parent)
>> id_len = snprintf(NULL, 0, ".%ld", profile->ns->uniq_id);
>>
>> profile->dirname = kmalloc(len + id_len + 1, GFP_KERNEL);
>> - if (!profile->dirname)
>> - goto fail;
>> + if (!profile->dirname) {
>> + error = -ENOMEM;
>> + goto fail2;
>> + }
>>
>> mangle_name(profile->base.name, profile->dirname);
>> sprintf(profile->dirname + len, ".%ld", profile->ns->uniq_id++);
>
> Can mangle_name made to return a propper string ?
> IFF this can be reduced to
> profile->dirname =kasprintf(GFP_KERNEL,"%s.%ld",mangle_name(),profile->ns->uniq_id);
> if (!profile->dirname) ....
>
> just a hint.
>
something of the sort could be done, but you would need to track the allocation returned
from mangle_name so that it can be freed. But we can take this whole sequence and shove
it into mangle_name and have it do the allocation, and return a string. It would clean
things up. I'll cons together a patch for the next pull request.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2017-05-23 18:51 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-23 14:33 [PATCH] apparmor: Fix error cod in __aa_fs_profile_mkdir() Dan Carpenter
2017-05-23 14:33 ` Dan Carpenter
2017-05-23 15:19 ` walter harms
2017-05-23 15:19 ` walter harms
2017-05-23 18:51 ` John Johansen
2017-05-23 18:51 ` John Johansen
2017-05-23 18:38 ` John Johansen
2017-05-23 18:38 ` John Johansen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.