linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] tomoyo: Fix incorrect return value from tomoyo_find_next_domain()
@ 2019-08-01  3:03 Takeshi Misawa
  0 siblings, 0 replies; only message in thread
From: Takeshi Misawa @ 2019-08-01  3:03 UTC (permalink / raw)
  To: Tetsuo Handa, Kentaro Takeda; +Cc: linux-kernel

When filename exceeds PATH_MAX,
tomoyo_find_next_domain() retval is not ENAMETOOLONG, but ENOENT.

Fix this by retuen kern_path() error.

Signed-off-by: Takeshi Misawa <jeliantsurux@gmail.com>
---
Dear Tetsuo Handa

I found unexpected return value from TOMOYO and try to create a patch.
If this is not acceptable for security reason, please discard this patch.

Regards.
---
 security/tomoyo/domain.c   | 7 +++++--
 security/tomoyo/realpath.c | 9 +++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 8526a0a74023..3d8034701344 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -723,8 +723,10 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
 	/* Get symlink's pathname of program. */
 	retval = -ENOENT;
 	exename.name = tomoyo_realpath_nofollow(original_name);
-	if (!exename.name)
+	if (IS_ERR(exename.name)) {
+		retval = PTR_ERR(exename.name);
 		goto out;
+	}
 	tomoyo_fill_path_info(&exename);
 retry:
 	/* Check 'aggregator' directive. */
@@ -870,7 +872,8 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
 		s->domain_info = domain;
 		atomic_inc(&domain->users);
 	}
-	kfree(exename.name);
+	if (!IS_ERR(exename.name))
+		kfree(exename.name);
 	if (!retval) {
 		ee->r.domain = domain;
 		retval = tomoyo_environ(ee);
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index e7832448d721..d73e66be05ef 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -332,10 +332,15 @@ char *tomoyo_realpath_from_path(const struct path *path)
 char *tomoyo_realpath_nofollow(const char *pathname)
 {
 	struct path path;
+	char *buf = NULL;
+	int err;
 
-	if (pathname && kern_path(pathname, 0, &path) == 0) {
-		char *buf = tomoyo_realpath_from_path(&path);
+	if (pathname) {
+		err = kern_path(pathname, 0, &path);
+		if (unlikely(err))
+			return ERR_PTR(err);
 
+		buf = tomoyo_realpath_from_path(&path);
 		path_put(&path);
 		return buf;
 	}
-- 
2.17.1


^ permalink raw reply related	[flat|nested] only message in thread
only message in thread, other threads:[~2019-08-01  3:03 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-01  3:03 [PATCH] tomoyo: Fix incorrect return value from tomoyo_find_next_domain() Takeshi Misawa

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).