* [PATCH][capabilities-next] commoncap: move assignment of fs_ns to avoid null pointer dereference
@ 2017-09-04 17:50 ` Colin King
0 siblings, 0 replies; 12+ messages in thread
From: Colin King @ 2017-09-04 17:50 UTC (permalink / raw)
To: linux-security-module
From: Colin Ian King <colin.king@canonical.com>
The pointer fs_ns is assigned from inode->i_ib->s_user_ns before
a null pointer check on inode, hence if inode is actually null we
will get a null pointer dereference on this assignment. Fix this
by only dereferencing inode after the null pointer check on
inode.
Detected by CoverityScan CID#1455328 ("Dereference before null check")
Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
security/commoncap.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/commoncap.c b/security/commoncap.c
index c25e0d27537f..fc46f5b85251 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -585,13 +585,14 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
struct vfs_ns_cap_data data, *nscaps = &data;
struct vfs_cap_data *caps = (struct vfs_cap_data *) &data;
kuid_t rootkuid;
- struct user_namespace *fs_ns = inode->i_sb->s_user_ns;
+ struct user_namespace *fs_ns;
memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data));
if (!inode)
return -ENODATA;
+ fs_ns = inode->i_sb->s_user_ns;
size = __vfs_getxattr((struct dentry *)dentry, inode,
XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ);
if (size = -ENODATA || size = -EOPNOTSUPP)
--
2.14.1
^ permalink raw reply related [flat|nested] 12+ messages in thread* [PATCH][capabilities-next] commoncap: move assignment of fs_ns to avoid null pointer dereference @ 2017-09-04 17:50 ` Colin King 0 siblings, 0 replies; 12+ messages in thread From: Colin King @ 2017-09-04 17:50 UTC (permalink / raw) To: Serge Hallyn, James Morris, linux-security-module Cc: kernel-janitors, linux-kernel From: Colin Ian King <colin.king@canonical.com> The pointer fs_ns is assigned from inode->i_ib->s_user_ns before a null pointer check on inode, hence if inode is actually null we will get a null pointer dereference on this assignment. Fix this by only dereferencing inode after the null pointer check on inode. Detected by CoverityScan CID#1455328 ("Dereference before null check") Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") Signed-off-by: Colin Ian King <colin.king@canonical.com> --- security/commoncap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/commoncap.c b/security/commoncap.c index c25e0d27537f..fc46f5b85251 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -585,13 +585,14 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data struct vfs_ns_cap_data data, *nscaps = &data; struct vfs_cap_data *caps = (struct vfs_cap_data *) &data; kuid_t rootkuid; - struct user_namespace *fs_ns = inode->i_sb->s_user_ns; + struct user_namespace *fs_ns; memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); if (!inode) return -ENODATA; + fs_ns = inode->i_sb->s_user_ns; size = __vfs_getxattr((struct dentry *)dentry, inode, XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ); if (size == -ENODATA || size == -EOPNOTSUPP) -- 2.14.1 ^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH][capabilities-next] commoncap: move assignment of fs_ns to avoid null pointer dereference @ 2017-09-04 17:50 ` Colin King 0 siblings, 0 replies; 12+ messages in thread From: Colin King @ 2017-09-04 17:50 UTC (permalink / raw) To: linux-security-module From: Colin Ian King <colin.king@canonical.com> The pointer fs_ns is assigned from inode->i_ib->s_user_ns before a null pointer check on inode, hence if inode is actually null we will get a null pointer dereference on this assignment. Fix this by only dereferencing inode after the null pointer check on inode. Detected by CoverityScan CID#1455328 ("Dereference before null check") Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") Signed-off-by: Colin Ian King <colin.king@canonical.com> --- security/commoncap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/commoncap.c b/security/commoncap.c index c25e0d27537f..fc46f5b85251 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -585,13 +585,14 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data struct vfs_ns_cap_data data, *nscaps = &data; struct vfs_cap_data *caps = (struct vfs_cap_data *) &data; kuid_t rootkuid; - struct user_namespace *fs_ns = inode->i_sb->s_user_ns; + struct user_namespace *fs_ns; memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); if (!inode) return -ENODATA; + fs_ns = inode->i_sb->s_user_ns; size = __vfs_getxattr((struct dentry *)dentry, inode, XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ); if (size == -ENODATA || size == -EOPNOTSUPP) -- 2.14.1 -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH][capabilities-next] commoncap: move assignment of fs_ns to avoid null pointer dereference 2017-09-04 17:50 ` Colin King (?) @ 2017-09-04 18:53 ` Serge E. Hallyn -1 siblings, 0 replies; 12+ messages in thread From: Serge E. Hallyn @ 2017-09-04 18:53 UTC (permalink / raw) To: linux-security-module On Mon, Sep 04, 2017 at 06:50:05PM +0100, Colin King wrote: > From: Colin Ian King <colin.king@canonical.com> > > The pointer fs_ns is assigned from inode->i_ib->s_user_ns before > a null pointer check on inode, hence if inode is actually null we > will get a null pointer dereference on this assignment. Fix this > by only dereferencing inode after the null pointer check on > inode. > > Detected by CoverityScan CID#1455328 ("Dereference before null check") > > Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") > Signed-off-by: Colin Ian King <colin.king@canonical.com> thanks! Acked-by: Serge Hallyn <serge@hallyn.com> > --- > security/commoncap.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/security/commoncap.c b/security/commoncap.c > index c25e0d27537f..fc46f5b85251 100644 > --- a/security/commoncap.c > +++ b/security/commoncap.c > @@ -585,13 +585,14 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data > struct vfs_ns_cap_data data, *nscaps = &data; > struct vfs_cap_data *caps = (struct vfs_cap_data *) &data; > kuid_t rootkuid; > - struct user_namespace *fs_ns = inode->i_sb->s_user_ns; > + struct user_namespace *fs_ns; > > memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); > > if (!inode) > return -ENODATA; > > + fs_ns = inode->i_sb->s_user_ns; > size = __vfs_getxattr((struct dentry *)dentry, inode, > XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ); > if (size = -ENODATA || size = -EOPNOTSUPP) > -- > 2.14.1 ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH][capabilities-next] commoncap: move assignment of fs_ns to avoid null pointer dereference @ 2017-09-04 18:53 ` Serge E. Hallyn 0 siblings, 0 replies; 12+ messages in thread From: Serge E. Hallyn @ 2017-09-04 18:53 UTC (permalink / raw) To: Colin King Cc: Serge Hallyn, James Morris, linux-security-module, kernel-janitors, linux-kernel On Mon, Sep 04, 2017 at 06:50:05PM +0100, Colin King wrote: > From: Colin Ian King <colin.king@canonical.com> > > The pointer fs_ns is assigned from inode->i_ib->s_user_ns before > a null pointer check on inode, hence if inode is actually null we > will get a null pointer dereference on this assignment. Fix this > by only dereferencing inode after the null pointer check on > inode. > > Detected by CoverityScan CID#1455328 ("Dereference before null check") > > Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") > Signed-off-by: Colin Ian King <colin.king@canonical.com> thanks! Acked-by: Serge Hallyn <serge@hallyn.com> > --- > security/commoncap.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/security/commoncap.c b/security/commoncap.c > index c25e0d27537f..fc46f5b85251 100644 > --- a/security/commoncap.c > +++ b/security/commoncap.c > @@ -585,13 +585,14 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data > struct vfs_ns_cap_data data, *nscaps = &data; > struct vfs_cap_data *caps = (struct vfs_cap_data *) &data; > kuid_t rootkuid; > - struct user_namespace *fs_ns = inode->i_sb->s_user_ns; > + struct user_namespace *fs_ns; > > memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); > > if (!inode) > return -ENODATA; > > + fs_ns = inode->i_sb->s_user_ns; > size = __vfs_getxattr((struct dentry *)dentry, inode, > XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ); > if (size == -ENODATA || size == -EOPNOTSUPP) > -- > 2.14.1 ^ permalink raw reply [flat|nested] 12+ messages in thread
* [PATCH][capabilities-next] commoncap: move assignment of fs_ns to avoid null pointer dereference @ 2017-09-04 18:53 ` Serge E. Hallyn 0 siblings, 0 replies; 12+ messages in thread From: Serge E. Hallyn @ 2017-09-04 18:53 UTC (permalink / raw) To: linux-security-module On Mon, Sep 04, 2017 at 06:50:05PM +0100, Colin King wrote: > From: Colin Ian King <colin.king@canonical.com> > > The pointer fs_ns is assigned from inode->i_ib->s_user_ns before > a null pointer check on inode, hence if inode is actually null we > will get a null pointer dereference on this assignment. Fix this > by only dereferencing inode after the null pointer check on > inode. > > Detected by CoverityScan CID#1455328 ("Dereference before null check") > > Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") > Signed-off-by: Colin Ian King <colin.king@canonical.com> thanks! Acked-by: Serge Hallyn <serge@hallyn.com> > --- > security/commoncap.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/security/commoncap.c b/security/commoncap.c > index c25e0d27537f..fc46f5b85251 100644 > --- a/security/commoncap.c > +++ b/security/commoncap.c > @@ -585,13 +585,14 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data > struct vfs_ns_cap_data data, *nscaps = &data; > struct vfs_cap_data *caps = (struct vfs_cap_data *) &data; > kuid_t rootkuid; > - struct user_namespace *fs_ns = inode->i_sb->s_user_ns; > + struct user_namespace *fs_ns; > > memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); > > if (!inode) > return -ENODATA; > > + fs_ns = inode->i_sb->s_user_ns; > size = __vfs_getxattr((struct dentry *)dentry, inode, > XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ); > if (size == -ENODATA || size == -EOPNOTSUPP) > -- > 2.14.1 -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH][capabilities-next] commoncap: move assignment of fs_ns to avoid null pointer dereference 2017-09-04 18:53 ` Serge E. Hallyn (?) @ 2017-10-11 20:48 ` Serge E. Hallyn -1 siblings, 0 replies; 12+ messages in thread From: Serge E. Hallyn @ 2017-10-11 20:48 UTC (permalink / raw) To: linux-security-module Hi James, it doesn't look like this has been picked up yet. Assuming I'm not looking in the wrong place, can you pull it into the security tree? thanks, -serge Quoting Serge E. Hallyn (serge@hallyn.com): > On Mon, Sep 04, 2017 at 06:50:05PM +0100, Colin King wrote: > > From: Colin Ian King <colin.king@canonical.com> > > > > The pointer fs_ns is assigned from inode->i_ib->s_user_ns before > > a null pointer check on inode, hence if inode is actually null we > > will get a null pointer dereference on this assignment. Fix this > > by only dereferencing inode after the null pointer check on > > inode. > > > > Detected by CoverityScan CID#1455328 ("Dereference before null check") > > > > Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") > > Signed-off-by: Colin Ian King <colin.king@canonical.com> > > thanks! > > Acked-by: Serge Hallyn <serge@hallyn.com> > > > --- > > security/commoncap.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/security/commoncap.c b/security/commoncap.c > > index c25e0d27537f..fc46f5b85251 100644 > > --- a/security/commoncap.c > > +++ b/security/commoncap.c > > @@ -585,13 +585,14 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data > > struct vfs_ns_cap_data data, *nscaps = &data; > > struct vfs_cap_data *caps = (struct vfs_cap_data *) &data; > > kuid_t rootkuid; > > - struct user_namespace *fs_ns = inode->i_sb->s_user_ns; > > + struct user_namespace *fs_ns; > > > > memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); > > > > if (!inode) > > return -ENODATA; > > > > + fs_ns = inode->i_sb->s_user_ns; > > size = __vfs_getxattr((struct dentry *)dentry, inode, > > XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ); > > if (size = -ENODATA || size = -EOPNOTSUPP) > > -- > > 2.14.1 ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH][capabilities-next] commoncap: move assignment of fs_ns to avoid null pointer dereference @ 2017-10-11 20:48 ` Serge E. Hallyn 0 siblings, 0 replies; 12+ messages in thread From: Serge E. Hallyn @ 2017-10-11 20:48 UTC (permalink / raw) To: Serge E. Hallyn Cc: Colin King, James Morris, linux-security-module, kernel-janitors, linux-kernel Hi James, it doesn't look like this has been picked up yet. Assuming I'm not looking in the wrong place, can you pull it into the security tree? thanks, -serge Quoting Serge E. Hallyn (serge@hallyn.com): > On Mon, Sep 04, 2017 at 06:50:05PM +0100, Colin King wrote: > > From: Colin Ian King <colin.king@canonical.com> > > > > The pointer fs_ns is assigned from inode->i_ib->s_user_ns before > > a null pointer check on inode, hence if inode is actually null we > > will get a null pointer dereference on this assignment. Fix this > > by only dereferencing inode after the null pointer check on > > inode. > > > > Detected by CoverityScan CID#1455328 ("Dereference before null check") > > > > Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") > > Signed-off-by: Colin Ian King <colin.king@canonical.com> > > thanks! > > Acked-by: Serge Hallyn <serge@hallyn.com> > > > --- > > security/commoncap.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/security/commoncap.c b/security/commoncap.c > > index c25e0d27537f..fc46f5b85251 100644 > > --- a/security/commoncap.c > > +++ b/security/commoncap.c > > @@ -585,13 +585,14 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data > > struct vfs_ns_cap_data data, *nscaps = &data; > > struct vfs_cap_data *caps = (struct vfs_cap_data *) &data; > > kuid_t rootkuid; > > - struct user_namespace *fs_ns = inode->i_sb->s_user_ns; > > + struct user_namespace *fs_ns; > > > > memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); > > > > if (!inode) > > return -ENODATA; > > > > + fs_ns = inode->i_sb->s_user_ns; > > size = __vfs_getxattr((struct dentry *)dentry, inode, > > XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ); > > if (size == -ENODATA || size == -EOPNOTSUPP) > > -- > > 2.14.1 ^ permalink raw reply [flat|nested] 12+ messages in thread
* [PATCH][capabilities-next] commoncap: move assignment of fs_ns to avoid null pointer dereference @ 2017-10-11 20:48 ` Serge E. Hallyn 0 siblings, 0 replies; 12+ messages in thread From: Serge E. Hallyn @ 2017-10-11 20:48 UTC (permalink / raw) To: linux-security-module Hi James, it doesn't look like this has been picked up yet. Assuming I'm not looking in the wrong place, can you pull it into the security tree? thanks, -serge Quoting Serge E. Hallyn (serge at hallyn.com): > On Mon, Sep 04, 2017 at 06:50:05PM +0100, Colin King wrote: > > From: Colin Ian King <colin.king@canonical.com> > > > > The pointer fs_ns is assigned from inode->i_ib->s_user_ns before > > a null pointer check on inode, hence if inode is actually null we > > will get a null pointer dereference on this assignment. Fix this > > by only dereferencing inode after the null pointer check on > > inode. > > > > Detected by CoverityScan CID#1455328 ("Dereference before null check") > > > > Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") > > Signed-off-by: Colin Ian King <colin.king@canonical.com> > > thanks! > > Acked-by: Serge Hallyn <serge@hallyn.com> > > > --- > > security/commoncap.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/security/commoncap.c b/security/commoncap.c > > index c25e0d27537f..fc46f5b85251 100644 > > --- a/security/commoncap.c > > +++ b/security/commoncap.c > > @@ -585,13 +585,14 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data > > struct vfs_ns_cap_data data, *nscaps = &data; > > struct vfs_cap_data *caps = (struct vfs_cap_data *) &data; > > kuid_t rootkuid; > > - struct user_namespace *fs_ns = inode->i_sb->s_user_ns; > > + struct user_namespace *fs_ns; > > > > memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); > > > > if (!inode) > > return -ENODATA; > > > > + fs_ns = inode->i_sb->s_user_ns; > > size = __vfs_getxattr((struct dentry *)dentry, inode, > > XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ); > > if (size == -ENODATA || size == -EOPNOTSUPP) > > -- > > 2.14.1 -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH][capabilities-next] commoncap: move assignment of fs_ns to avoid null pointer dereference 2017-10-11 20:48 ` Serge E. Hallyn (?) @ 2017-10-11 23:30 ` James Morris -1 siblings, 0 replies; 12+ messages in thread From: James Morris @ 2017-10-11 23:30 UTC (permalink / raw) To: linux-security-module On Wed, 11 Oct 2017, Serge E. Hallyn wrote: > Hi James, > > it doesn't look like this has been picked up yet. Assuming I'm not looking > in the wrong place, can you pull it into the security tree? Sure, Colin, can you please resend this? > > Quoting Serge E. Hallyn (serge@hallyn.com): > > On Mon, Sep 04, 2017 at 06:50:05PM +0100, Colin King wrote: > > > From: Colin Ian King <colin.king@canonical.com> > > > > > > The pointer fs_ns is assigned from inode->i_ib->s_user_ns before > > > a null pointer check on inode, hence if inode is actually null we > > > will get a null pointer dereference on this assignment. Fix this > > > by only dereferencing inode after the null pointer check on > > > inode. > > > > > > Detected by CoverityScan CID#1455328 ("Dereference before null check") > > > > > > Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") > > > Signed-off-by: Colin Ian King <colin.king@canonical.com> > > > > thanks! > > > > Acked-by: Serge Hallyn <serge@hallyn.com> > > > > > --- > > > security/commoncap.c | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/security/commoncap.c b/security/commoncap.c > > > index c25e0d27537f..fc46f5b85251 100644 > > > --- a/security/commoncap.c > > > +++ b/security/commoncap.c > > > @@ -585,13 +585,14 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data > > > struct vfs_ns_cap_data data, *nscaps = &data; > > > struct vfs_cap_data *caps = (struct vfs_cap_data *) &data; > > > kuid_t rootkuid; > > > - struct user_namespace *fs_ns = inode->i_sb->s_user_ns; > > > + struct user_namespace *fs_ns; > > > > > > memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); > > > > > > if (!inode) > > > return -ENODATA; > > > > > > + fs_ns = inode->i_sb->s_user_ns; > > > size = __vfs_getxattr((struct dentry *)dentry, inode, > > > XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ); > > > if (size = -ENODATA || size = -EOPNOTSUPP) > > > -- > > > 2.14.1 > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > ^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH][capabilities-next] commoncap: move assignment of fs_ns to avoid null pointer dereference @ 2017-10-11 23:30 ` James Morris 0 siblings, 0 replies; 12+ messages in thread From: James Morris @ 2017-10-11 23:30 UTC (permalink / raw) To: Serge E. Hallyn Cc: Colin King, linux-security-module, kernel-janitors, linux-kernel On Wed, 11 Oct 2017, Serge E. Hallyn wrote: > Hi James, > > it doesn't look like this has been picked up yet. Assuming I'm not looking > in the wrong place, can you pull it into the security tree? Sure, Colin, can you please resend this? > > Quoting Serge E. Hallyn (serge@hallyn.com): > > On Mon, Sep 04, 2017 at 06:50:05PM +0100, Colin King wrote: > > > From: Colin Ian King <colin.king@canonical.com> > > > > > > The pointer fs_ns is assigned from inode->i_ib->s_user_ns before > > > a null pointer check on inode, hence if inode is actually null we > > > will get a null pointer dereference on this assignment. Fix this > > > by only dereferencing inode after the null pointer check on > > > inode. > > > > > > Detected by CoverityScan CID#1455328 ("Dereference before null check") > > > > > > Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") > > > Signed-off-by: Colin Ian King <colin.king@canonical.com> > > > > thanks! > > > > Acked-by: Serge Hallyn <serge@hallyn.com> > > > > > --- > > > security/commoncap.c | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/security/commoncap.c b/security/commoncap.c > > > index c25e0d27537f..fc46f5b85251 100644 > > > --- a/security/commoncap.c > > > +++ b/security/commoncap.c > > > @@ -585,13 +585,14 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data > > > struct vfs_ns_cap_data data, *nscaps = &data; > > > struct vfs_cap_data *caps = (struct vfs_cap_data *) &data; > > > kuid_t rootkuid; > > > - struct user_namespace *fs_ns = inode->i_sb->s_user_ns; > > > + struct user_namespace *fs_ns; > > > > > > memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); > > > > > > if (!inode) > > > return -ENODATA; > > > > > > + fs_ns = inode->i_sb->s_user_ns; > > > size = __vfs_getxattr((struct dentry *)dentry, inode, > > > XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ); > > > if (size == -ENODATA || size == -EOPNOTSUPP) > > > -- > > > 2.14.1 > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > ^ permalink raw reply [flat|nested] 12+ messages in thread
* [PATCH][capabilities-next] commoncap: move assignment of fs_ns to avoid null pointer dereference @ 2017-10-11 23:30 ` James Morris 0 siblings, 0 replies; 12+ messages in thread From: James Morris @ 2017-10-11 23:30 UTC (permalink / raw) To: linux-security-module On Wed, 11 Oct 2017, Serge E. Hallyn wrote: > Hi James, > > it doesn't look like this has been picked up yet. Assuming I'm not looking > in the wrong place, can you pull it into the security tree? Sure, Colin, can you please resend this? > > Quoting Serge E. Hallyn (serge at hallyn.com): > > On Mon, Sep 04, 2017 at 06:50:05PM +0100, Colin King wrote: > > > From: Colin Ian King <colin.king@canonical.com> > > > > > > The pointer fs_ns is assigned from inode->i_ib->s_user_ns before > > > a null pointer check on inode, hence if inode is actually null we > > > will get a null pointer dereference on this assignment. Fix this > > > by only dereferencing inode after the null pointer check on > > > inode. > > > > > > Detected by CoverityScan CID#1455328 ("Dereference before null check") > > > > > > Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities") > > > Signed-off-by: Colin Ian King <colin.king@canonical.com> > > > > thanks! > > > > Acked-by: Serge Hallyn <serge@hallyn.com> > > > > > --- > > > security/commoncap.c | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/security/commoncap.c b/security/commoncap.c > > > index c25e0d27537f..fc46f5b85251 100644 > > > --- a/security/commoncap.c > > > +++ b/security/commoncap.c > > > @@ -585,13 +585,14 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data > > > struct vfs_ns_cap_data data, *nscaps = &data; > > > struct vfs_cap_data *caps = (struct vfs_cap_data *) &data; > > > kuid_t rootkuid; > > > - struct user_namespace *fs_ns = inode->i_sb->s_user_ns; > > > + struct user_namespace *fs_ns; > > > > > > memset(cpu_caps, 0, sizeof(struct cpu_vfs_cap_data)); > > > > > > if (!inode) > > > return -ENODATA; > > > > > > + fs_ns = inode->i_sb->s_user_ns; > > > size = __vfs_getxattr((struct dentry *)dentry, inode, > > > XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ); > > > if (size == -ENODATA || size == -EOPNOTSUPP) > > > -- > > > 2.14.1 > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo at vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2017-10-11 23:30 UTC | newest] Thread overview: 12+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-09-04 17:50 [PATCH][capabilities-next] commoncap: move assignment of fs_ns to avoid null pointer dereference Colin King 2017-09-04 17:50 ` Colin King 2017-09-04 17:50 ` Colin King 2017-09-04 18:53 ` Serge E. Hallyn 2017-09-04 18:53 ` Serge E. Hallyn 2017-09-04 18:53 ` Serge E. Hallyn 2017-10-11 20:48 ` Serge E. Hallyn 2017-10-11 20:48 ` Serge E. Hallyn 2017-10-11 20:48 ` Serge E. Hallyn 2017-10-11 23:30 ` James Morris 2017-10-11 23:30 ` James Morris 2017-10-11 23:30 ` James Morris
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.