Linux-Security-Module Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH v3] lsm:fix a missing-check bug in smack_sb_eat_lsm_opts()
@ 2021-04-19  2:55  Zhongjun Tan
  0 siblings, 0 replies; only message in thread
From:  Zhongjun Tan @ 2021-04-19  2:55 UTC (permalink / raw)
  To: casey, jmorris, serge; +Cc: linux-security-module, linux-kernel, Zhongjun Tan

From: Zhongjun Tan <tanzhongjun@yulong.com>

In smack_sb_eat_lsm_opts(), 'arg' is allocated by kmemdup_nul().
It returns NULL when fails. So 'arg' should be checked. And 'mnt_opts'
should be freed when error.

Signed-off-by: Zhongjun Tan <tanzhongjun@yulong.com>
---
changes in v1:
update the commit information. 
changes in v2:
fix brace error
changes in v3:
As viro said, just four codes and no other changes are needed.

security/smack/smack_lsm.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 223a6da..020929f 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -710,7 +710,10 @@ static int smack_sb_eat_lsm_opts(char *options, void **mnt_opts)
 		token = match_opt_prefix(from, len, &arg);
 		if (token != Opt_error) {
 			arg = kmemdup_nul(arg, from + len - arg, GFP_KERNEL);
-			rc = smack_add_opt(token, arg, mnt_opts);
+			if (arg)
+				rc = smack_add_opt(token, arg, mnt_opts);
+			else
+				rc = -ENOMEM;
 			if (unlikely(rc)) {
 				kfree(arg);
 				if (*mnt_opts)
-- 
1.9.1



^ permalink raw reply	[flat|nested] only message in thread

only message in thread, back to index

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-19  2:55 [PATCH v3] lsm:fix a missing-check bug in smack_sb_eat_lsm_opts()  Zhongjun Tan

Linux-Security-Module Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-security-module/0 linux-security-module/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-security-module linux-security-module/ https://lore.kernel.org/linux-security-module \
		linux-security-module@vger.kernel.org
	public-inbox-index linux-security-module

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-security-module


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git