From patchwork Mon Oct 6 19:20:23 2008 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul Moore X-Patchwork-Id: 2954 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.176.167]) by ozlabs.org (Postfix) with ESMTP id 191B1DDEF7 for ; Tue, 7 Oct 2008 06:20:41 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752486AbYJFTUc (ORCPT ); Mon, 6 Oct 2008 15:20:32 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1752646AbYJFTUb (ORCPT ); Mon, 6 Oct 2008 15:20:31 -0400 Received: from g1t0026.austin.hp.com ([15.216.28.33]:16886 "EHLO g1t0026.austin.hp.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752589AbYJFTUZ (ORCPT ); Mon, 6 Oct 2008 15:20:25 -0400 Received: from g1t0039.austin.hp.com (g1t0039.austin.hp.com [16.236.32.45]) by g1t0026.austin.hp.com (Postfix) with ESMTP id 6AE43C61E; Mon, 6 Oct 2008 19:20:25 +0000 (UTC) Received: from ldl.fc.hp.com (ldl.fc.hp.com [15.11.146.30]) by g1t0039.austin.hp.com (Postfix) with ESMTP id 540F1340D4; Mon, 6 Oct 2008 19:20:25 +0000 (UTC) Received: from localhost (ldl.fc.hp.com [127.0.0.1]) by ldl.fc.hp.com (Postfix) with ESMTP id 10F91134020; Mon, 6 Oct 2008 13:20:25 -0600 (MDT) X-Virus-Scanned: Debian amavisd-new at ldl.fc.hp.com Received: from ldl.fc.hp.com ([127.0.0.1]) by localhost (ldl.fc.hp.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DBdLbKZEwC6J; Mon, 6 Oct 2008 13:20:24 -0600 (MDT) Received: from flek.lan (squirrel.fc.hp.com [15.11.146.57]) by ldl.fc.hp.com (Postfix) with ESMTP id AC53513401E; Mon, 6 Oct 2008 13:20:23 -0600 (MDT) From: Paul Moore Subject: [PATCH v7 06/17] selinux: Fix a problem in security_netlbl_sid_to_secattr() To: selinux@tycho.nsa.gov, netdev@vger.kernel.org, linux-security-module@vger.kernel.org Date: Mon, 06 Oct 2008 15:20:23 -0400 Message-ID: <20081006192022.15686.68332.stgit@flek.lan> In-Reply-To: <20081006191516.15686.80823.stgit@flek.lan> References: <20081006191516.15686.80823.stgit@flek.lan> User-Agent: StGIT/0.13 MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Currently when SELinux fails to allocate memory in security_netlbl_sid_to_secattr() the NetLabel LSM domain field is set to NULL which triggers the default NetLabel LSM domain mapping which may not always be the desired mapping. This patch fixes this by returning an error when the kernel is unable to allocate memory. This could result in more failures on a system with heavy memory pressure but it is the "correct" thing to do. Signed-off-by: Paul Moore Acked-by: James Morris --- security/selinux/ss/services.c | 10 ++++++++-- 1 files changed, 8 insertions(+), 2 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 8551952..c8f688a 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -2785,7 +2785,7 @@ netlbl_secattr_to_sid_return_cleanup: */ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr) { - int rc = -ENOENT; + int rc; struct context *ctx; if (!ss_initialized) @@ -2793,10 +2793,16 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr) read_lock(&policy_rwlock); ctx = sidtab_search(&sidtab, sid); - if (ctx == NULL) + if (ctx == NULL) { + rc = -ENOENT; goto netlbl_sid_to_secattr_failure; + } secattr->domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1], GFP_ATOMIC); + if (secattr->domain == NULL) { + rc = -ENOMEM; + goto netlbl_sid_to_secattr_failure; + } secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY; mls_export_netlbl_lvl(ctx, secattr); rc = mls_export_netlbl_cat(ctx, secattr);