From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751804AbcFXQiq (ORCPT ); Fri, 24 Jun 2016 12:38:46 -0400 Received: from nm22-vm1.bullet.mail.bf1.yahoo.com ([98.139.212.127]:35668 "EHLO nm22-vm1.bullet.mail.bf1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751485AbcFXQip (ORCPT ); Fri, 24 Jun 2016 12:38:45 -0400 X-Yahoo-Newman-Id: 886304.65760.bm@smtp218.mail.bf1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: 8xlkndwVM1mhfr4w2JQ3NjS7b9QZg6KyyPzafllW8sgOCgZ fwfwuZ32yvWmleHyjhsE25o4Bz_EEpiRHy3AOohFYswdVwSCrGE18uMtEuOe EniKl41pSEpluP2r3UNmlp23TxLv_s9XLIsaGhpOr9cfaCwPpR9eB8J9HCSa R2NN9mZTB0RjFk_T90VN76p2D8vrt5_NnKl8gb0UcVoZ7CKVho9ptWcNWQbs H3Iz0n49uTsgS2eW5MChsHQUCMRZ2sSnLJEHCaFNqpiE1iceC3axl.NLEHqF _Z28YswZ7sRoyZGqVLj190T30snp.6bHfk5.nQvJVtyMzhdxWQ1RYeMZ1_32 F9bk26daaKq.qg0Z1G8nLmqAO8XhrN83bvlIlfn80M0zZjkmcBCSC7N.1IO8 8C2krl51szM0hgUBkm94IfsLsddm83L_WdkPU3AwWe3qmSMrBe4o2laV00QC eSzw66MRqmoOBLmEK8xhHQLKsxblP1IwsTFCT.UzYfaAWD2.IlKeL4EFu9F0 6dvEn7Aq.UTpu5Ch6Qe4bFEhM4CPayRUeu.UN0jNgk8DkuM0K5pXfTSCJTJE - X-Yahoo-SMTP: OIJXglSswBDfgLtXluJ6wiAYv6_cnw-- Subject: [PATCH v4 4/3] LSM: Improve context interface for proc attrs To: Kees Cook References: <599d0a80-0838-2baa-8ee2-7eefafc10cec@schaufler-ca.com> <5767eed4-78ec-cc4c-2ece-c1fec4d752af@schaufler-ca.com> Cc: LSM , James Morris , John Johansen , Stephen Smalley , Paul Moore , Tetsuo Handa , LKLM 
From: Casey Schaufler Message-ID: <61a5d3be-b99c-69d3-8619-e5c4d1004dd5@schaufler-ca.com> Date: Fri, 24 Jun 2016 09:38:45 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Subject: [PATCH v4 4/3] LSM: Improve context interface for proc attrs Replace kzalloc ... sprintf with kasprintf in the "context" procfs attr code. Signed-off-by: Casey Schaufler --- security/apparmor/lsm.c | 47 +++++++++++++++++++++++----------------------- security/selinux/hooks.c | 4 +--- security/smack/smack_lsm.c | 5 +---- 3 files changed, 26 insertions(+), 30 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 3790a7d..5cac15f 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -476,6 +476,8 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
 const struct cred *cred = get_task_cred(task);
 struct aa_task_cxt *cxt = cred_cxt(cred);
 struct aa_profile *profile = NULL;
+ char *vp;
+ char *np;
 if (strcmp(name, "current") == 0)
 profile = aa_get_newest_profile(cxt->profile);
@@ -488,30 +490,29 @@ static int apparmor_getprocattr(struct task_struct *task, char *name,
 else
 error = -EINVAL;
- if (profile) {
- if (strcmp(name, "context") == 0) {
- char *vp;
- char *np;
-
- error = aa_getprocattr(profile, &vp);
- if (error > 0) {
- error += 12;
- *value = kzalloc(error, GFP_KERNEL);
- if (*value == NULL)
- error = -ENOMEM;
- else {
- sprintf(*value, "apparmor='%s'", vp);
- np = strchr(*value, '\n');
- if (np != NULL) {
- np[0] = '\'';
- np[1] = '\0';
- }
- }
- }
- } else
- error = aa_getprocattr(profile, value);
- }
+ if (profile == NULL)
+ goto put_out;
+
+ error = aa_getprocattr(profile, &vp);
+ if (error < 0)
+ goto put_out;
+
+ if (strcmp(name, "context") == 0) {
+ *value = kasprintf(GFP_KERNEL, "apparmor='%s'", vp);
+ if (*value == NULL) {
+ error = -ENOMEM;
+ goto put_out;
+ }
+ np = strchr(*value, '\n');
+ if (np != NULL) {
+ np[0] = '\'';
+ np[1] = '\0';
+ }
+ error = strlen(*value);
+ } else
+ *value = vp;
+put_out:
 aa_put_profile(profile);
 put_cred(cred);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3a21c2b..6397721 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5737,11 +5737,9 @@ static int selinux_getprocattr(struct task_struct *p,
 error = security_sid_to_context(sid, &vp, &len);
 if (!error) {
- *value = kzalloc(len + 10, GFP_KERNEL);
+ *value = kasprintf(GFP_KERNEL, "selinux='%s'", vp);
 if (*value == NULL)
 error = -ENOMEM;
- else
- sprintf(*value, "selinux='%s'", vp);
 }
 }
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index d2d8624..92e66f8 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
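Review bot: The new "context" branch in apparmor_getprocattr() formats `vp` into a fresh kasprintf() buffer but never frees `vp`, so the string obtained from aa_getprocattr() appears to leak on every read of the attribute, including on the -ENOMEM path. The `else` branch hands `vp` to the caller through `*value`, which suggests it is a heap buffer the caller is expected to free; the removed code had the same gap, so the commit carries it forward rather than introducing it. Adding `kfree(vp);` directly after the `kasprintf()` call, before the NULL check, would cover both the success and the failure path. The selinux_getprocattr() hunk has the same shape with the `vp` filled in by security_sid_to_context(), though that function continues outside the hunk and may free it later. Since this value is produced on demand for a procfs attribute, an unreleased allocation per read is worth closing before the interface is widened.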
@@ -3574,18 +3574,15 @@ static int smack_getprocattr(struct task_struct *p, char *name, char **value)
 {
 struct smack_known *skp = smk_of_task_struct(p);
 char *cp;
- int slen;
 if (strcmp(name, "current") == 0) {
 cp = kstrdup(skp->smk_known, GFP_KERNEL);
 if (cp == NULL)
 return -ENOMEM;
 } else if (strcmp(name, "context") == 0) {
- slen = strlen(skp->smk_known) + 9;
- cp = kzalloc(slen, GFP_KERNEL);
+ cp = kasprintf(GFP_KERNEL, "smack='%s'", skp->smk_known);
 if (cp == NULL)
 return -ENOMEM;
- sprintf(cp, "smack='%s'", skp->smk_known);
 } else
 return -EINVAL;