From patchwork Tue Dec 24 23:13:37 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Casey Schaufler X-Patchwork-Id: 1215306 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=schaufler-ca.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=yahoo.com header.i=@yahoo.com header.b="Lmtit84Q"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 47jBvV1S81z9sP3 for ; Wed, 25 Dec 2019 10:17:26 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726283AbfLXXRZ (ORCPT ); Tue, 24 Dec 2019 18:17:25 -0500 Received: from sonic306-28.consmr.mail.ne1.yahoo.com ([66.163.189.90]:43626 "EHLO sonic306-28.consmr.mail.ne1.yahoo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726225AbfLXXRY (ORCPT ); Tue, 24 Dec 2019 18:17:24 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1577229441; bh=MzhgwfGoe8mx2emDrYG5Bp5l3ssUaRF0vCPHkk43PjU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=Lmtit84QQ65TWai0VUMT9wUZUicb2FpdevY/e2mfCTEZLVT1gZvpw1iVRIaEyQaeBsmvQiVW/SG5X8rIHuMQMGlUn1wbmGQe26nZpDmp9PU4sDhP4rGYlkKXaB9PnvwEfYZeTRZ/aOX1K00t1sjapdisC2upV2l11RQZLmH9MBfd9cDBnyoT+eGq7A4ge6CNQjIbf+4XXba7XLdzm4DFjq6G9Quhve4+nIz7reg40WjcAx6gkGQEqgOkp437nvPVeWDAjBISn1HKIOy61ogiUd35Mm4QdIaFmsn7DB18iAd5S7DF9x9Nfsw3XqA2yMXYHddaOhMIJqZenq1bUnCD1g== X-YMail-OSG: csHAZYsVM1krK_BiXPQdil8bME5Ud5X6p3jQoRtmbKBsjPs58j.8wSqXhcJLk0o mqo6.8XE1wbwRp0f9MHDNYUqImCrzaNmVcErWMX32oaAb5ak9.7JJAwrnsELVHNXJBqgh31FUsdS t0b_YjT25hMH.NXE_UUrXFx1D79rYn8seAfO6Kkg9NEL5B4QS_6VLN70Duud9QZYVu6tCfK7.O9c 23vcdqjca_y9bMpRaiSSCHrv8L9twWlzVizd3k0uCXBvqrnP37sOQ6y6edEf4IEzpmVNDwvsH2fr 8piJIriuV6hLWxUu9vQgdCzvkbusBRV0s20Xrg5F_eqvg7qLMmKCwIlJFy9c0DHhxAOjmNUf3siE AHp6_XtguGSKjKhMdD3sMrED54Rha3_kllzAa6nB91suJkLGlqf1wimA8fQJl8JvWWI8xQSXs3lX Gjxlz1oPdTKLO9tvhM4PW4OVzVHJMEYtZKZtHe7xcnFFuR76KqnriDHY8CDv.a0AVtBRXfGovssN D9SKlomRnaFhg7t.hyTDaINPyOLqwLkXXZ3Pg6wkqypU3sRkC75wQEBpHxH6ZG2jDuk8W2LSfD_L jIA7OcXwQ.zNmvuLSSjZp3kJ2NO8wKUNPhUGIystgflMdekZbn4sb4SqYJ0LLOKFzfUx8BVFjrB1 .rrqqp5W7NsNiZPRCRWqBJBC_WNVGQSPO.YCVhQJB4ItzwOhJO4HgsGeLiOMEdZ6RfZlK.UKBnT2 hNqAAyqEUe0OWDXS0LEIX3pzJHzLPSISMMP5FZ7DiHlCIAn9S_RA3aEJ1qZgVtS_xZIp_OdaP_Yu vpRwivoN72QA8UG3PeieKNefZK7aidcBjI_wy305gFh3EAwmMX2eIci0JCkbJB7Z5oxbTScYaEsR XJ4bYRWVUQRgLwRYGBiG.cWDJUOyJP46pPPuXIShf7ew6z.F5K54wUsZgSRkT1Fu6xg0iZO80vTY 2vEpxN9c3ehjrdqBNFk5ZcBjK0jG7wyWVqwZ6uJpmrs4MR4Eip3eL3FwqVJjhyTlFlrk5sWbYz5_ QDabrS.dSfy0xjiUnkoi_vCVio7yLSc_uZXYn.qTq.YAZ7XFMYwPVqsviWx2TUmupuMvUmvh6OGS bWgqisyAWwzcPCbf6S0dHGRORW7rsqv.7WZm7aBbaUNEJWVJFXY7OGxYeEPgGLZtQo0vEWxbt4be 3h5_Er1qDhwJ1.twQq9PbWrXbYDjaj2YNJdeLuNRwlRlXcfDrLum8p2zTQ_mev0PozTIWrzjUUP3 O63MHQxuW483HhRlx3bN0gsuiSZBQ.rNrvUYGoaL.QOL..mVh2EQnCP6GP_ZggGx0BX3ohdHQqJG Gkwp._aQ7Xo4LFZzU5eEDwfdNBcCfnqcL8eYPSI2pYNrRfc6TOrIg1lAF9H.R8.la95Jmf1DCNBs EAZc92Fu07ZHmeXBOibkxDLzYEnP2l0pejht7Fx6d2wUFCPOSIjZR Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.ne1.yahoo.com with HTTP; Tue, 24 Dec 2019 23:17:21 +0000 Received: by smtp418.mail.gq1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 665083506e7e62b8c6ff693d3922ecb3; Tue, 24 Dec 2019 23:17:17 +0000 (UTC) From: Casey Schaufler To: casey.schaufler@intel.com Cc: casey@schaufler-ca.com, netdev@vger.kernel.org Subject: [PATCH v12 23/25] NET: Add SO_PEERCONTEXT for multiple LSMs Date: Tue, 24 Dec 2019 15:13:37 -0800 Message-Id: <20191224231339.7130-24-casey@schaufler-ca.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191224231339.7130-1-casey@schaufler-ca.com> References: <20191224231339.7130-1-casey@schaufler-ca.com> MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The getsockopt SO_PEERSEC provides the LSM based security information for a single module, but for reasons of backward compatibility cannot include the information for multiple modules. A new option SO_PEERCONTEXT is added to report the security "context" of multiple modules using a "compound" format lsm1\0value\0lsm2\0value\0 This is expected to be used by system services, including dbus-daemon. The exact format of a compound context has been the subject of considerable debate. This format was suggested by Simon McVittie, a dbus maintainer with a significant stake in the format being usable. Signed-off-by: Casey Schaufler cc: netdev@vger.kernel.org --- arch/alpha/include/uapi/asm/socket.h | 1 + arch/mips/include/uapi/asm/socket.h | 1 + arch/parisc/include/uapi/asm/socket.h | 1 + arch/sparc/include/uapi/asm/socket.h | 1 + include/linux/lsm_hooks.h | 9 +- include/linux/security.h | 11 ++- include/uapi/asm-generic/socket.h | 1 + kernel/audit.c | 4 +- net/core/sock.c | 7 +- net/netlabel/netlabel_unlabeled.c | 9 +- net/netlabel/netlabel_user.c | 2 +- security/apparmor/lsm.c | 20 ++--- security/security.c | 118 +++++++++++++++++++++++--- security/selinux/hooks.c | 20 ++--- security/smack/smack_lsm.c | 31 +++---- 15 files changed, 164 insertions(+), 72 deletions(-) diff --git a/arch/alpha/include/uapi/asm/socket.h b/arch/alpha/include/uapi/asm/socket.h index de6c4df61082..b26fb34e4226 100644 --- a/arch/alpha/include/uapi/asm/socket.h +++ b/arch/alpha/include/uapi/asm/socket.h @@ -123,6 +123,7 @@ #define SO_SNDTIMEO_NEW 67 #define SO_DETACH_REUSEPORT_BPF 68 +#define SO_PEERCONTEXT 69 #if !defined(__KERNEL__) diff --git a/arch/mips/include/uapi/asm/socket.h b/arch/mips/include/uapi/asm/socket.h index d0a9ed2ca2d6..10e03507b1ed 100644 --- a/arch/mips/include/uapi/asm/socket.h +++ b/arch/mips/include/uapi/asm/socket.h @@ -134,6 +134,7 @@ #define SO_SNDTIMEO_NEW 67 #define SO_DETACH_REUSEPORT_BPF 68 +#define SO_PEERCONTEXT 69 #if !defined(__KERNEL__) diff --git a/arch/parisc/include/uapi/asm/socket.h b/arch/parisc/include/uapi/asm/socket.h index 10173c32195e..e11df59a84d1 100644 --- a/arch/parisc/include/uapi/asm/socket.h +++ b/arch/parisc/include/uapi/asm/socket.h @@ -115,6 +115,7 @@ #define SO_SNDTIMEO_NEW 0x4041 #define SO_DETACH_REUSEPORT_BPF 0x4042 +#define SO_PEERCONTEXT 0x4043 #if !defined(__KERNEL__) diff --git a/arch/sparc/include/uapi/asm/socket.h b/arch/sparc/include/uapi/asm/socket.h index 8029b681fc7c..5b41ef778040 100644 --- a/arch/sparc/include/uapi/asm/socket.h +++ b/arch/sparc/include/uapi/asm/socket.h @@ -116,6 +116,7 @@ #define SO_SNDTIMEO_NEW 0x0045 #define SO_DETACH_REUSEPORT_BPF 0x0047 +#define SO_PEERCONTEXT 0x0048 #if !defined(__KERNEL__) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 2bf82e1cf347..2ae10e7f81a7 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -880,8 +880,8 @@ * SO_GETPEERSEC. For tcp sockets this can be meaningful if the * socket is associated with an ipsec SA. * @sock is the local socket. - * @optval userspace memory where the security state is to be copied. - * @optlen userspace int where the module should copy the actual length + * @optval memory where the security state is to be copied. + * @optlen int where the module should copy the actual length * of the security state. * @len as input is the maximum length to copy to userspace provided * by the caller. @@ -1724,9 +1724,8 @@ union security_list_options { int (*socket_setsockopt)(struct socket *sock, int level, int optname); int (*socket_shutdown)(struct socket *sock, int how); int (*socket_sock_rcv_skb)(struct sock *sk, struct sk_buff *skb); - int (*socket_getpeersec_stream)(struct socket *sock, - char __user *optval, - int __user *optlen, unsigned len); + int (*socket_getpeersec_stream)(struct socket *sock, char **optval, + int *optlen, unsigned len); int (*socket_getpeersec_dgram)(struct socket *sock, struct sk_buff *skb, u32 *secid); int (*sk_alloc_security)(struct sock *sk, int family, gfp_t priority); diff --git a/include/linux/security.h b/include/linux/security.h index 536db4dbfcbb..b72bb90b1903 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -181,7 +181,7 @@ struct lsmblob { #define LSMBLOB_NEEDED -2 /* Slot requested on initialization */ #define LSMBLOB_NOT_NEEDED -3 /* Slot not requested */ #define LSMBLOB_DISPLAY -4 /* Use the "display" slot */ -#define LSMBLOB_FIRST -5 /* Use the default "display" slot */ +#define LSMBLOB_COMPOUND -5 /* A compound "display" */ /** * lsmblob_init - initialize an lsmblob structure. @@ -1400,7 +1400,8 @@ int security_socket_setsockopt(struct socket *sock, int level, int optname); int security_socket_shutdown(struct socket *sock, int how); int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb); int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, - int __user *optlen, unsigned len); + int __user *optlen, unsigned len, + int display); int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, struct lsmblob *blob); int security_sk_alloc(struct sock *sk, int family, gfp_t priority); @@ -1534,8 +1535,10 @@ static inline int security_sock_rcv_skb(struct sock *sk, return 0; } -static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, - int __user *optlen, unsigned len) +static inline int security_socket_getpeersec_stream(struct socket *sock, + char __user *optval, + int __user *optlen, + unsigned len, int display) { return -ENOPROTOOPT; } diff --git a/include/uapi/asm-generic/socket.h b/include/uapi/asm-generic/socket.h index 77f7c1638eb1..e3a853d53705 100644 --- a/include/uapi/asm-generic/socket.h +++ b/include/uapi/asm-generic/socket.h @@ -118,6 +118,7 @@ #define SO_SNDTIMEO_NEW 67 #define SO_DETACH_REUSEPORT_BPF 68 +#define SO_PEERCONTEXT 69 #if !defined(__KERNEL__) diff --git a/kernel/audit.c b/kernel/audit.c index d40f64a47c4b..71151ba2a6c2 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -1424,7 +1424,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) len = 0; if (lsmblob_is_set(&audit_sig_lsm)) { err = security_secid_to_secctx(&audit_sig_lsm, - &context, LSMBLOB_FIRST); + &context, 0); if (err) return err; } @@ -2099,7 +2099,7 @@ int audit_log_task_context(struct audit_buffer *ab) if (!lsmblob_is_set(&blob)) return 0; - error = security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST); + error = security_secid_to_secctx(&blob, &context, 0); if (error) { if (error != -EINVAL) goto error_path; diff --git a/net/core/sock.c b/net/core/sock.c index 043db3ce023e..63b7eda81a90 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -1411,7 +1411,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname, break; case SO_PEERSEC: - return security_socket_getpeersec_stream(sock, optval, optlen, len); + return security_socket_getpeersec_stream(sock, optval, optlen, + len, LSMBLOB_DISPLAY); + + case SO_PEERCONTEXT: + return security_socket_getpeersec_stream(sock, optval, optlen, + len, LSMBLOB_COMPOUND); case SO_MARK: v.val = sk->sk_mark; diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c index 60a7665de0e3..fefd1f2d26f8 100644 --- a/net/netlabel/netlabel_unlabeled.c +++ b/net/netlabel/netlabel_unlabeled.c @@ -436,8 +436,7 @@ int netlbl_unlhsh_add(struct net *net, unlhsh_add_return: rcu_read_unlock(); if (audit_buf != NULL) { - if (security_secid_to_secctx(lsmblob, &context, - LSMBLOB_FIRST) == 0) { + if (security_secid_to_secctx(lsmblob, &context, 0) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -493,7 +492,7 @@ static int netlbl_unlhsh_remove_addr4(struct net *net, dev_put(dev); if (entry != NULL && security_secid_to_secctx(&entry->lsmblob, &context, - LSMBLOB_FIRST) == 0) { + 0) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -554,7 +553,7 @@ static int netlbl_unlhsh_remove_addr6(struct net *net, dev_put(dev); if (entry != NULL && security_secid_to_secctx(&entry->lsmblob, &context, - LSMBLOB_FIRST) == 0) { + 0) == 0) { audit_log_format(audit_buf, " sec_obj=%s", context.context); security_release_secctx(&context); @@ -1125,7 +1124,7 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd, lsmb = (struct lsmblob *)&addr6->lsmblob; } - ret_val = security_secid_to_secctx(lsmb, &context, LSMBLOB_FIRST); + ret_val = security_secid_to_secctx(lsmb, &context, 0); if (ret_val != 0) goto list_cb_failure; ret_val = nla_put(cb_arg->skb, diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 1941877fd16f..537c0bf25e3c 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -100,7 +100,7 @@ struct audit_buffer *netlbl_audit_start_common(int type, lsmblob_init(&blob, audit_info->secid); if (audit_info->secid != 0 && - security_secid_to_secctx(&blob, &context, LSMBLOB_FIRST) == 0) { + security_secid_to_secctx(&blob, &context, 0) == 0) { audit_log_format(audit_buf, " subj=%s", context.context); security_release_secctx(&context); } diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 16b992235c11..34edfd29c32f 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1078,10 +1078,8 @@ static struct aa_label *sk_peer_label(struct sock *sk) * * Note: for tcp only valid if using ipsec or cipso on lan */ -static int apparmor_socket_getpeersec_stream(struct socket *sock, - char __user *optval, - int __user *optlen, - unsigned int len) +static int apparmor_socket_getpeersec_stream(struct socket *sock, char **optval, + int *optlen, unsigned int len) { char *name; int slen, error = 0; @@ -1101,17 +1099,11 @@ static int apparmor_socket_getpeersec_stream(struct socket *sock, if (slen < 0) { error = -ENOMEM; } else { - if (slen > len) { + if (slen > len) error = -ERANGE; - } else if (copy_to_user(optval, name, slen)) { - error = -EFAULT; - goto out; - } - if (put_user(slen, optlen)) - error = -EFAULT; -out: - kfree(name); - + else + *optval = name; + *optlen = slen; } done: diff --git a/security/security.c b/security/security.c index d0b57a7c3b31..1afe245f3246 100644 --- a/security/security.c +++ b/security/security.c @@ -723,6 +723,42 @@ static void __init lsm_early_task(struct task_struct *task) panic("%s: Early task alloc failed.\n", __func__); } +/** + * append_ctx - append a lsm/context pair to a compound context + * @ctx: the existing compound context + * @ctxlen: size of the old context, including terminating nul byte + * @lsm: new lsm name, nul terminated + * @new: new context, possibly nul terminated + * @newlen: maximum size of @new + * + * replace @ctx with a new compound context, appending @newlsm and @new + * to @ctx. On exit the new data replaces the old, which is freed. + * @ctxlen is set to the new size, which includes a trailing nul byte. + * + * Returns 0 on success, -ENOMEM if no memory is available. + */ +static int append_ctx(char **ctx, int *ctxlen, const char *lsm, char *new, + int newlen) +{ + char *final; + int llen; + + llen = strlen(lsm) + 1; + newlen = strnlen(new, newlen) + 1; + + final = kzalloc(*ctxlen + llen + newlen, GFP_KERNEL); + if (final == NULL) + return -ENOMEM; + if (*ctxlen) + memcpy(final, *ctx, *ctxlen); + memcpy(final + *ctxlen, lsm, llen); + memcpy(final + *ctxlen + llen, new, newlen); + kfree(*ctx); + *ctx = final; + *ctxlen = *ctxlen + llen + newlen; + return 0; +} + /* * Hook list operation macros. * @@ -2164,8 +2200,8 @@ int security_setprocattr(const char *lsm, const char *name, void *value, hlist_for_each_entry(hp, &security_hook_heads.setprocattr, list) { if (lsm != NULL && strcmp(lsm, hp->lsmid->lsm)) continue; - if (lsm == NULL && *display != LSMBLOB_INVALID && - *display != hp->lsmid->slot) + if (lsm == NULL && display != NULL && + *display != LSMBLOB_INVALID && *display != hp->lsmid->slot) continue; return hp->hook.setprocattr(name, value, size); } @@ -2196,7 +2232,7 @@ int security_secid_to_secctx(struct lsmblob *blob, struct lsmcontext *cp, */ if (display == LSMBLOB_DISPLAY) display = lsm_task_display(current); - else if (display == LSMBLOB_FIRST) + else if (display == 0) display = LSMBLOB_INVALID; else if (display < 0) { WARN_ONCE(true, @@ -2246,6 +2282,15 @@ void security_release_secctx(struct lsmcontext *cp) struct security_hook_list *hp; bool found = false; + if (cp->slot == LSMBLOB_INVALID) + return; + + if (cp->slot == LSMBLOB_COMPOUND) { + kfree(cp->context); + found = true; + goto clear_out; + } + hlist_for_each_entry(hp, &security_hook_heads.release_secctx, list) if (cp->slot == hp->lsmid->slot) { hp->hook.release_secctx(cp->context, cp->len); @@ -2253,6 +2298,7 @@ void security_release_secctx(struct lsmcontext *cp) break; } +clear_out: memset(cp, 0, sizeof(*cp)); if (!found) @@ -2389,17 +2435,67 @@ int security_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) EXPORT_SYMBOL(security_sock_rcv_skb); int security_socket_getpeersec_stream(struct socket *sock, char __user *optval, - int __user *optlen, unsigned len) + int __user *optlen, unsigned len, + int display) { - int display = lsm_task_display(current); struct security_hook_list *hp; + char *final = NULL; + char *cp; + int rc = 0; + unsigned finallen = 0; + unsigned clen = 0; - hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_stream, - list) - if (display == LSMBLOB_INVALID || display == hp->lsmid->slot) - return hp->hook.socket_getpeersec_stream(sock, optval, - optlen, len); - return -ENOPROTOOPT; + switch (display) { + case LSMBLOB_DISPLAY: + rc = -ENOPROTOOPT; + display = lsm_task_display(current); + hlist_for_each_entry(hp, + &security_hook_heads.socket_getpeersec_stream, + list) + if (display == LSMBLOB_INVALID || + display == hp->lsmid->slot) { + rc = hp->hook.socket_getpeersec_stream(sock, + &final, &finallen, len); + break; + } + break; + case LSMBLOB_COMPOUND: + /* + * A compound context, in the form [lsm\0value\0]... + */ + hlist_for_each_entry(hp, + &security_hook_heads.socket_getpeersec_stream, + list) { + rc = hp->hook.socket_getpeersec_stream(sock, &cp, &clen, + len); + if (rc == -EINVAL || rc == -ENOPROTOOPT) { + rc = 0; + continue; + } + if (rc) { + kfree(final); + return rc; + } + rc = append_ctx(&final, &finallen, hp->lsmid->lsm, + cp, clen); + } + if (final == NULL) + return -EINVAL; + break; + default: + return -EINVAL; + } + + if (finallen > len) + rc = -ERANGE; + else if (copy_to_user(optval, final, finallen)) + rc = -EFAULT; + + if (put_user(finallen, optlen)) + rc = -EFAULT; + + kfree(final); + return rc; } int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index cd4743331800..c3e6fd3f8c56 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5056,10 +5056,8 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) return err; } -static int selinux_socket_getpeersec_stream(struct socket *sock, - char __user *optval, - int __user *optlen, - unsigned int len) +static int selinux_socket_getpeersec_stream(struct socket *sock, char **optval, + int *optlen, unsigned int len) { int err = 0; char *scontext; @@ -5079,18 +5077,12 @@ static int selinux_socket_getpeersec_stream(struct socket *sock, if (err) return err; - if (scontext_len > len) { + if (scontext_len > len) err = -ERANGE; - goto out_len; - } - - if (copy_to_user(optval, scontext, scontext_len)) - err = -EFAULT; + else + *optval = scontext; -out_len: - if (put_user(scontext_len, optlen)) - err = -EFAULT; - kfree(scontext); + *optlen = scontext_len; return err; } diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 7349ce263759..7d449188ca16 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3957,28 +3957,29 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) * * returns zero on success, an error code otherwise */ -static int smack_socket_getpeersec_stream(struct socket *sock, - char __user *optval, - int __user *optlen, unsigned len) +static int smack_socket_getpeersec_stream(struct socket *sock, char **optval, + int *optlen, unsigned len) { - struct socket_smack *ssp; - char *rcp = ""; - int slen = 1; + struct socket_smack *ssp = smack_sock(sock->sk); + char *rcp; + int slen; int rc = 0; - ssp = smack_sock(sock->sk); - if (ssp->smk_packet != NULL) { - rcp = ssp->smk_packet->smk_known; - slen = strlen(rcp) + 1; + if (ssp->smk_packet == NULL) { + *optlen = 0; + return -EINVAL; } + rcp = ssp->smk_packet->smk_known; + slen = strlen(rcp) + 1; if (slen > len) rc = -ERANGE; - else if (copy_to_user(optval, rcp, slen) != 0) - rc = -EFAULT; - - if (put_user(slen, optlen) != 0) - rc = -EFAULT; + else { + *optval = kstrdup(rcp, GFP_KERNEL); + if (*optval == NULL) + rc = -ENOMEM; + } + *optlen = slen; return rc; }