* [linux-next:master 11110/11953] security/smack/smackfs.c:1186:7: warning: Call to function 'sscanf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provi...
From: kernel test robot @ 2022-03-11 18:31 UTC (permalink / raw)
To: kbuild
CC: llvm(a)lists.linux.dev
CC: kbuild-all(a)lists.01.org
BCC: lkp(a)intel.com
CC: Linux Memory Management List <linux-mm@kvack.org>
TO: Arnd Bergmann <arnd@arndb.de>
CC: Masahiro Yamada <masahiroy@kernel.org>
CC: Alex Shi <alexs@kernel.org>
CC: Nick Desaulniers <ndesaulniers@google.com>
CC: Miguel Ojeda <ojeda@kernel.org>
CC: Nathan Chancellor <nathan@kernel.org>
tree: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head: 71941773e143369a73c9c4a3b62fbb60736a1182
commit: 6992f0b3f0fd879b31095263986ba1aedb27c83b [11110/11953] Kbuild: move to -std=gnu11
:::::: branch date: 33 hours ago
:::::: commit date: 2 days ago
config: arm-randconfig-c002-20220310 (https://download.01.org/0day-ci/archive/20220312/202203120215.DGwSrRQQ-lkp(a)intel.com/config)
compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project 276ca87382b8f16a65bddac700202924228982f6)
reproduce (this is a W=1 build):
wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# install arm cross compiling tool for clang build
# apt-get install binutils-arm-linux-gnueabi
# https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=6992f0b3f0fd879b31095263986ba1aedb27c83b
git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
git fetch --no-tags linux-next master
git checkout 6992f0b3f0fd879b31095263986ba1aedb27c83b
# save the config file to linux build tree
COMPILER_INSTALL_PATH=$HOME/0day COMPILER=clang make.cross ARCH=arm clang-analyzer
If you fix the issue, kindly add the following tag as appropriate:
Reported-by: kernel test robot <lkp@intel.com>
clang-analyzer warnings: (new ones prefixed by >>)
^~~~~~
drivers/video/hdmi.c:306:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(ptr, frame->vendor, sizeof(frame->vendor));
^~~~~~
drivers/video/hdmi.c:307:2: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memcpy(ptr + 8, frame->product, sizeof(frame->product));
^~~~~~
drivers/video/hdmi.c:307:2: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
memcpy(ptr + 8, frame->product, sizeof(frame->product));
^~~~~~
drivers/video/hdmi.c:355:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(frame, 0, sizeof(*frame));
^~~~~~
drivers/video/hdmi.c:355:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(frame, 0, sizeof(*frame));
^~~~~~
drivers/video/hdmi.c:421:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(buffer, 0, size);
^~~~~~
drivers/video/hdmi.c:421:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(buffer, 0, size);
^~~~~~
drivers/video/hdmi.c:490:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(frame, 0, sizeof(*frame));
^~~~~~
drivers/video/hdmi.c:490:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(frame, 0, sizeof(*frame));
^~~~~~
drivers/video/hdmi.c:583:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(buffer, 0, size);
^~~~~~
drivers/video/hdmi.c:583:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(buffer, 0, size);
^~~~~~
drivers/video/hdmi.c:662:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(frame, 0, sizeof(*frame));
^~~~~~
drivers/video/hdmi.c:662:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(frame, 0, sizeof(*frame));
^~~~~~
drivers/video/hdmi.c:723:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(buffer, 0, size);
^~~~~~
drivers/video/hdmi.c:723:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(buffer, 0, size);
^~~~~~
drivers/video/hdmi.c:1274:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(buf, 0, sizeof(buf));
^~~~~~
drivers/video/hdmi.c:1274:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(buf, 0, sizeof(buf));
^~~~~~
drivers/video/hdmi.c:1276:2: warning: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
strncpy(buf, frame->vendor, 8);
^~~~~~~
drivers/video/hdmi.c:1276:2: note: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11
strncpy(buf, frame->vendor, 8);
^~~~~~~
drivers/video/hdmi.c:1278:2: warning: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
strncpy(buf, frame->product, 16);
^~~~~~~
drivers/video/hdmi.c:1278:2: note: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11
strncpy(buf, frame->product, 16);
^~~~~~~
Suppressed 11 warnings (11 in non-user code).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
94 warnings generated.
security/smack/smack_access.c:472:2: warning: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
strncpy(smack, string, i);
^~~~~~~
security/smack/smack_access.c:472:2: note: Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'strncpy_s' in case of C11
strncpy(smack, string, i);
^~~~~~~
Suppressed 93 warnings (92 in non-user code, 1 with check filters).
Use -header-filter=.* to display errors from all non-system headers. Use -system-headers to display errors from system headers as well.
114 warnings generated.
security/smack/smackfs.c:887:8: warning: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
ret = sscanf(rule, "%d", &maplevel);
^~~~~~
security/smack/smackfs.c:887:8: note: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11
ret = sscanf(rule, "%d", &maplevel);
^~~~~~
security/smack/smackfs.c:897:8: warning: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
ret = sscanf(rule, "%d", &catlen);
^~~~~~
security/smack/smackfs.c:897:8: note: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11
ret = sscanf(rule, "%d", &catlen);
^~~~~~
security/smack/smackfs.c:905:2: warning: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
memset(mapcatset, 0, sizeof(mapcatset));
^~~~~~
security/smack/smackfs.c:905:2: note: Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memset_s' in case of C11
memset(mapcatset, 0, sizeof(mapcatset));
^~~~~~
security/smack/smackfs.c:913:9: warning: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
ret = sscanf(rule, "%u", &cat);
^~~~~~
security/smack/smackfs.c:913:9: note: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11
ret = sscanf(rule, "%u", &cat);
^~~~~~
>> security/smack/smackfs.c:1186:7: warning: Call to function 'sscanf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
^~~~~~
security/smack/smackfs.c:1186:7: note: Call to function 'sscanf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11
rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
^~~~~~
security/smack/smackfs.c:1189:8: warning: Call to function 'sscanf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
^~~~~~
security/smack/smackfs.c:1189:8: note: Call to function 'sscanf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11
rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
^~~~~~
security/smack/smackfs.c:1195:3: warning: Value stored to 'm' is never read [clang-analyzer-deadcode.DeadStores]
m = BEBITS;
^
security/smack/smackfs.c:1195:3: note: Value stored to 'm' is never read
security/smack/smackfs.c:1446:6: warning: Call to function 'sscanf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s",
^~~~~~
security/smack/smackfs.c:1446:6: note: Call to function 'sscanf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11
i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s",
^~~~~~
security/smack/smackfs.c:1451:7: warning: Call to function 'sscanf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x %s",
^~~~~~
security/smack/smackfs.c:1451:7: note: Call to function 'sscanf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11
i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x %s",
^~~~~~
security/smack/smackfs.c:1579:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(temp, "%d", smk_cipso_doi_value);
^~~~~~~
security/smack/smackfs.c:1579:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(temp, "%d", smk_cipso_doi_value);
^~~~~~~
security/smack/smackfs.c:1611:6: warning: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
if (sscanf(temp, "%d", &i) != 1)
^~~~~~
security/smack/smackfs.c:1611:6: note: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11
if (sscanf(temp, "%d", &i) != 1)
^~~~~~
security/smack/smackfs.c:1645:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(temp, "%d", smack_cipso_direct);
^~~~~~~
security/smack/smackfs.c:1645:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(temp, "%d", smack_cipso_direct);
^~~~~~~
security/smack/smackfs.c:1678:6: warning: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
if (sscanf(temp, "%d", &i) != 1)
^~~~~~
security/smack/smackfs.c:1678:6: note: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11
if (sscanf(temp, "%d", &i) != 1)
^~~~~~
security/smack/smackfs.c:1723:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(temp, "%d", smack_cipso_mapped);
^~~~~~~
security/smack/smackfs.c:1723:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(temp, "%d", smack_cipso_mapped);
^~~~~~~
security/smack/smackfs.c:1756:6: warning: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
if (sscanf(temp, "%d", &i) != 1)
^~~~~~
security/smack/smackfs.c:1756:6: note: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11
if (sscanf(temp, "%d", &i) != 1)
^~~~~~
security/smack/smackfs.c:2161:2: warning: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
sprintf(temp, "%d\n", log_policy);
^~~~~~~
security/smack/smackfs.c:2161:2: note: Call to function 'sprintf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11
sprintf(temp, "%d\n", log_policy);
^~~~~~~
security/smack/smackfs.c:2192:6: warning: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
if (sscanf(temp, "%d", &i) != 1)
^~~~~~
security/smack/smackfs.c:2192:6: note: Call to function 'sscanf' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sscanf_s' in case of C11
if (sscanf(temp, "%d", &i) != 1)
^~~~~~
security/smack/smackfs.c:2313:9: warning: 1st function call argument is an uninitialized value [clang-analyzer-core.CallAndMessage]
res = smk_access(rule.smk_subject, rule.smk_object,
^
security/smack/smackfs.c:2341:9: note: Calling 'smk_user_access'
return smk_user_access(file, buf, count, ppos, SMK_FIXED24_FMT);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/smack/smackfs.c:2298:6: note: Calling 'IS_ERR'
if (IS_ERR(data))
^~~~~~~~~~~~
include/linux/err.h:36:9: note: Assuming the condition is false
return IS_ERR_VALUE((unsigned long)ptr);
^
include/linux/err.h:22:34: note: expanded from macro 'IS_ERR_VALUE'
#define IS_ERR_VALUE(x) unlikely((unsigned long)(void *)(x) >= (unsigned long)-MAX_ERRNO)
~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/linux/compiler.h:78:42: note: expanded from macro 'unlikely'
# define unlikely(x) __builtin_expect(!!(x), 0)
^
include/linux/err.h:36:2: note: Returning zero, which participates in a condition later
return IS_ERR_VALUE((unsigned long)ptr);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
security/smack/smackfs.c:2298:6: note: Returning from 'IS_ERR'
if (IS_ERR(data))
^~~~~~~~~~~~
security/smack/smackfs.c:2298:2: note: Taking false branch
vim +1186 security/smack/smackfs.c
113a0e4590881c etienne 2009-03-04 1131
113a0e4590881c etienne 2009-03-04 1132
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1133 /**
21abb1ec414c75 Casey Schaufler 2015-07-22 1134 * smk_write_net4addr - write() for /smack/netlabel
251a2a958b0455 Randy Dunlap 2009-02-18 1135 * @file: file pointer, not actually used
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1136 * @buf: where to get the data from
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1137 * @count: bytes sent
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1138 * @ppos: where to start
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1139 *
21abb1ec414c75 Casey Schaufler 2015-07-22 1140 * Accepts only one net4addr per write call.
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1141 * Returns number of bytes written or error code, as appropriate
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1142 */
21abb1ec414c75 Casey Schaufler 2015-07-22 1143 static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1144 size_t count, loff_t *ppos)
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1145 {
21abb1ec414c75 Casey Schaufler 2015-07-22 1146 struct smk_net4addr *snp;
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1147 struct sockaddr_in newname;
f7112e6c9abf1c Casey Schaufler 2012-05-06 1148 char *smack;
21abb1ec414c75 Casey Schaufler 2015-07-22 1149 struct smack_known *skp = NULL;
f7112e6c9abf1c Casey Schaufler 2012-05-06 1150 char *data;
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1151 char *host = (char *)&newname.sin_addr.s_addr;
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1152 int rc;
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1153 struct netlbl_audit audit_info;
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1154 struct in_addr mask;
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1155 unsigned int m;
21abb1ec414c75 Casey Schaufler 2015-07-22 1156 unsigned int masks;
7198e2eeb44b3f Etienne Basset 2009-03-24 1157 int found;
113a0e4590881c etienne 2009-03-04 1158 u32 mask_bits = (1<<31);
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1159 __be32 nsa;
113a0e4590881c etienne 2009-03-04 1160 u32 temp_mask;
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1161
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1162 /*
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1163 * Must have privilege.
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1164 * No partial writes.
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1165 * Enough data must be present.
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1166 * "<addr/mask, as a.b.c.d/e><space><label>"
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1167 * "<addr, as a.b.c.d><space><label>"
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1168 */
1880eff77e7a7c Casey Schaufler 2012-06-05 1169 if (!smack_privileged(CAP_MAC_ADMIN))
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1170 return -EPERM;
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1171 if (*ppos != 0)
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1172 return -EINVAL;
7ef4c19d245f3d Sabyrzhan Tasbolatov 2021-01-28 1173 if (count < SMK_NETLBLADDRMIN || count > PAGE_SIZE - 1)
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1174 return -EINVAL;
f7112e6c9abf1c Casey Schaufler 2012-05-06 1175
16e5c1fc36040e Al Viro 2015-12-24 1176 data = memdup_user_nul(buf, count);
16e5c1fc36040e Al Viro 2015-12-24 1177 if (IS_ERR(data))
16e5c1fc36040e Al Viro 2015-12-24 1178 return PTR_ERR(data);
f7112e6c9abf1c Casey Schaufler 2012-05-06 1179
f7112e6c9abf1c Casey Schaufler 2012-05-06 1180 smack = kzalloc(count + 1, GFP_KERNEL);
f7112e6c9abf1c Casey Schaufler 2012-05-06 1181 if (smack == NULL) {
f7112e6c9abf1c Casey Schaufler 2012-05-06 1182 rc = -ENOMEM;
f7112e6c9abf1c Casey Schaufler 2012-05-06 1183 goto free_data_out;
f7112e6c9abf1c Casey Schaufler 2012-05-06 1184 }
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1185
ec554fa75ec94d Toralf Förster 2014-04-27 @1186 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s",
21abb1ec414c75 Casey Schaufler 2015-07-22 1187 &host[0], &host[1], &host[2], &host[3], &masks, smack);
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1188 if (rc != 6) {
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1189 rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd %s",
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1190 &host[0], &host[1], &host[2], &host[3], smack);
f7112e6c9abf1c Casey Schaufler 2012-05-06 1191 if (rc != 5) {
f7112e6c9abf1c Casey Schaufler 2012-05-06 1192 rc = -EINVAL;
f7112e6c9abf1c Casey Schaufler 2012-05-06 1193 goto free_out;
f7112e6c9abf1c Casey Schaufler 2012-05-06 1194 }
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1195 m = BEBITS;
21abb1ec414c75 Casey Schaufler 2015-07-22 1196 masks = 32;
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1197 }
21abb1ec414c75 Casey Schaufler 2015-07-22 1198 if (masks > BEBITS) {
f7112e6c9abf1c Casey Schaufler 2012-05-06 1199 rc = -EINVAL;
f7112e6c9abf1c Casey Schaufler 2012-05-06 1200 goto free_out;
f7112e6c9abf1c Casey Schaufler 2012-05-06 1201 }
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1202
f7112e6c9abf1c Casey Schaufler 2012-05-06 1203 /*
f7112e6c9abf1c Casey Schaufler 2012-05-06 1204 * If smack begins with '-', it is an option, don't import it
f7112e6c9abf1c Casey Schaufler 2012-05-06 1205 */
4303154e865978 Etienne Basset 2009-03-27 1206 if (smack[0] != '-') {
21c7eae21a2100 Lukasz Pawelczyk 2014-08-29 1207 skp = smk_import_entry(smack, 0);
e774ad683f425a Lukasz Pawelczyk 2015-04-20 1208 if (IS_ERR(skp)) {
e774ad683f425a Lukasz Pawelczyk 2015-04-20 1209 rc = PTR_ERR(skp);
f7112e6c9abf1c Casey Schaufler 2012-05-06 1210 goto free_out;
f7112e6c9abf1c Casey Schaufler 2012-05-06 1211 }
4303154e865978 Etienne Basset 2009-03-27 1212 } else {
21abb1ec414c75 Casey Schaufler 2015-07-22 1213 /*
21abb1ec414c75 Casey Schaufler 2015-07-22 1214 * Only the -CIPSO option is supported for IPv4
21abb1ec414c75 Casey Schaufler 2015-07-22 1215 */
21abb1ec414c75 Casey Schaufler 2015-07-22 1216 if (strcmp(smack, SMACK_CIPSO_OPTION) != 0) {
f7112e6c9abf1c Casey Schaufler 2012-05-06 1217 rc = -EINVAL;
f7112e6c9abf1c Casey Schaufler 2012-05-06 1218 goto free_out;
f7112e6c9abf1c Casey Schaufler 2012-05-06 1219 }
4303154e865978 Etienne Basset 2009-03-27 1220 }
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1221
21abb1ec414c75 Casey Schaufler 2015-07-22 1222 for (m = masks, temp_mask = 0; m > 0; m--) {
113a0e4590881c etienne 2009-03-04 1223 temp_mask |= mask_bits;
113a0e4590881c etienne 2009-03-04 1224 mask_bits >>= 1;
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1225 }
113a0e4590881c etienne 2009-03-04 1226 mask.s_addr = cpu_to_be32(temp_mask);
113a0e4590881c etienne 2009-03-04 1227
113a0e4590881c etienne 2009-03-04 1228 newname.sin_addr.s_addr &= mask.s_addr;
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1229 /*
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1230 * Only allow one writer at a time. Writes should be
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1231 * quite rare and small in any case.
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1232 */
21abb1ec414c75 Casey Schaufler 2015-07-22 1233 mutex_lock(&smk_net4addr_lock);
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1234
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1235 nsa = newname.sin_addr.s_addr;
113a0e4590881c etienne 2009-03-04 1236 /* try to find if the prefix is already in the list */
7198e2eeb44b3f Etienne Basset 2009-03-24 1237 found = 0;
21abb1ec414c75 Casey Schaufler 2015-07-22 1238 list_for_each_entry_rcu(snp, &smk_net4addr_list, list) {
21abb1ec414c75 Casey Schaufler 2015-07-22 1239 if (snp->smk_host.s_addr == nsa && snp->smk_masks == masks) {
7198e2eeb44b3f Etienne Basset 2009-03-24 1240 found = 1;
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1241 break;
7198e2eeb44b3f Etienne Basset 2009-03-24 1242 }
7198e2eeb44b3f Etienne Basset 2009-03-24 1243 }
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1244 smk_netlabel_audit_set(&audit_info);
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1245
7198e2eeb44b3f Etienne Basset 2009-03-24 1246 if (found == 0) {
21c7eae21a2100 Lukasz Pawelczyk 2014-08-29 1247 snp = kzalloc(sizeof(*snp), GFP_KERNEL);
21c7eae21a2100 Lukasz Pawelczyk 2014-08-29 1248 if (snp == NULL)
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1249 rc = -ENOMEM;
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1250 else {
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1251 rc = 0;
21abb1ec414c75 Casey Schaufler 2015-07-22 1252 snp->smk_host.s_addr = newname.sin_addr.s_addr;
21c7eae21a2100 Lukasz Pawelczyk 2014-08-29 1253 snp->smk_mask.s_addr = mask.s_addr;
21c7eae21a2100 Lukasz Pawelczyk 2014-08-29 1254 snp->smk_label = skp;
21abb1ec414c75 Casey Schaufler 2015-07-22 1255 snp->smk_masks = masks;
21abb1ec414c75 Casey Schaufler 2015-07-22 1256 smk_net4addr_insert(snp);
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1257 }
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1258 } else {
21abb1ec414c75 Casey Schaufler 2015-07-22 1259 /*
21abb1ec414c75 Casey Schaufler 2015-07-22 1260 * Delete the unlabeled entry, only if the previous label
21abb1ec414c75 Casey Schaufler 2015-07-22 1261 * wasn't the special CIPSO option
21abb1ec414c75 Casey Schaufler 2015-07-22 1262 */
21abb1ec414c75 Casey Schaufler 2015-07-22 1263 if (snp->smk_label != NULL)
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1264 rc = netlbl_cfg_unlbl_static_del(&init_net, NULL,
21abb1ec414c75 Casey Schaufler 2015-07-22 1265 &snp->smk_host, &snp->smk_mask,
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1266 PF_INET, &audit_info);
4303154e865978 Etienne Basset 2009-03-27 1267 else
4303154e865978 Etienne Basset 2009-03-27 1268 rc = 0;
21c7eae21a2100 Lukasz Pawelczyk 2014-08-29 1269 snp->smk_label = skp;
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1270 }
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1271
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1272 /*
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1273 * Now tell netlabel about the single label nature of
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1274 * this host so that incoming packets get labeled.
4303154e865978 Etienne Basset 2009-03-27 1275 * but only if we didn't get the special CIPSO option
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1276 */
21abb1ec414c75 Casey Schaufler 2015-07-22 1277 if (rc == 0 && skp != NULL)
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1278 rc = netlbl_cfg_unlbl_static_add(&init_net, NULL,
21abb1ec414c75 Casey Schaufler 2015-07-22 1279 &snp->smk_host, &snp->smk_mask, PF_INET,
21c7eae21a2100 Lukasz Pawelczyk 2014-08-29 1280 snp->smk_label->smk_secid, &audit_info);
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1281
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1282 if (rc == 0)
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1283 rc = count;
6d3dc07cbb1e88 Casey Schaufler 2008-12-31 1284
21abb1ec414c75 Casey Schaufler 2015-07-22 1285 mutex_unlock(&smk_net4addr_lock);
21abb1ec414c75 Casey Schaufler 2015-07-22 1286
21abb1ec414c75 Casey Schaufler 2015-07-22 1287 free_out:
21abb1ec414c75 Casey Schaufler 2015-07-22 1288 kfree(smack);
21abb1ec414c75 Casey Schaufler 2015-07-22 1289 free_data_out:
21abb1ec414c75 Casey Schaufler 2015-07-22 1290 kfree(data);
21abb1ec414c75 Casey Schaufler 2015-07-22 1291
21abb1ec414c75 Casey Schaufler 2015-07-22 1292 return rc;
21abb1ec414c75 Casey Schaufler 2015-07-22 1293 }
21abb1ec414c75 Casey Schaufler 2015-07-22 1294
:::::: The code at line 1186 was first introduced by commit
:::::: ec554fa75ec94dcf47e52db9551755679c10235b Warning in scanf string typing
:::::: TO: Toralf Förster <toralf.foerster@gmx.de>
:::::: CC: Casey Schaufler <casey@schaufler-ca.com>
---
0-DAY CI Kernel Test Service
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org