From: SF Markus Elfring <elfring@users.sourceforge.net>
To: linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov,
Eric Paris <eparis@parisplace.org>,
James Morris <james.l.morris@oracle.com>,
Paul Moore <paul@paul-moore.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
William Roberts <william.c.roberts@intel.com>
Cc: LKML <linux-kernel@vger.kernel.org>, kernel-janitors@vger.kernel.org
Subject: [PATCH 10/46] selinux: Move some assignments for the variable "rc" in policydb_read()
Date: Sun, 15 Jan 2017 15:10:10 +0000 [thread overview]
Message-ID: <7fdcfc8f-affa-fcf8-adaf-dc8fd9e1b472@users.sourceforge.net> (raw)
In-Reply-To: <ca34123f-ced6-d2bc-363b-690858618827@users.sourceforge.net>
From: Markus Elfring <elfring@users.sourceforge.net>
Date: Sat, 14 Jan 2017 15:22:29 +0100
The local variable "rc" was set to an error code in some cases before
a concrete error situation was detected. Thus move the corresponding
assignments into the if branches so that the error code is set where
the failure is detected.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
---
security/selinux/ss/policydb.c | 59 +++++++++++++++++++++++++-----------------
1 file changed, 35 insertions(+), 24 deletions(-)
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 53e6d06e772a..506b0228d1f1 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -2250,15 +2250,14 @@ int policydb_read(struct policydb *p, void *fp)
if (rc)
goto bad;
- rc = -EINVAL;
if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
printk(KERN_ERR "SELinux: policydb magic number 0x%x does "
"not match expected magic number 0x%x\n",
le32_to_cpu(buf[0]), POLICYDB_MAGIC);
+ rc = -EINVAL;
goto bad;
}
- rc = -EINVAL;
len = le32_to_cpu(buf[1]);
if (len != strlen(POLICYDB_STRING)) {
printk(KERN_ERR "SELinux: policydb string length %d does not "
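Review bot: With the up-front `rc = -EINVAL;` removed, each failure branch in policydb_read() has to set rc itself, since rc is 0 once the preceding `if (rc) goto bad;` has passed. The old placement failed closed: a `goto bad` lacking its own assignment still returned an error, whereas in the new layout it would report a rejected policy image as a successful load. This holds for every hunk of the patch, not only the magic-number and string-length checks here. The `bad` label is outside the visible hunks; if it returns rc unchanged, a guard there such as `if (!rc) rc = -EINVAL;` would keep the error path fail-closed, and a comment `/* every goto bad must set rc to a negative errno first */` would document the rule.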
@@ -2265,11 +2265,13 @@ int policydb_read(struct policydb *p, void *fp)
len, strlen(POLICYDB_STRING));
+ rc = -EINVAL;
goto bad;
}
- rc = -ENOMEM;
policydb_str = kmalloc(len + 1, GFP_KERNEL);
- if (!policydb_str)
+ if (!policydb_str) {
+ rc = -ENOMEM;
goto bad;
+ }
rc = next_entry(policydb_str, fp, len);
if (rc) {
@@ -2279,12 +2280,12 @@ int policydb_read(struct policydb *p, void *fp)
goto bad;
}
- rc = -EINVAL;
policydb_str[len] = '\0';
if (strcmp(policydb_str, POLICYDB_STRING)) {
printk(KERN_ERR "SELinux: policydb string %s does not match "
"my string %s\n", policydb_str, POLICYDB_STRING);
kfree(policydb_str);
+ rc = -EINVAL;
goto bad;
}
/* Done with policydb_str. */
@@ -2296,24 +2297,24 @@ int policydb_read(struct policydb *p, void *fp)
if (rc)
goto bad;
- rc = -EINVAL;
p->policyvers = le32_to_cpu(buf[0]);
if (p->policyvers < POLICYDB_VERSION_MIN ||
p->policyvers > POLICYDB_VERSION_MAX) {
printk(KERN_ERR "SELinux: policydb version %d does not match "
"my version range %d-%d\n",
le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
+ rc = -EINVAL;
goto bad;
}
if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
p->mls_enabled = 1;
- rc = -EINVAL;
if (p->policyvers < POLICYDB_VERSION_MLS) {
printk(KERN_ERR "SELinux: security policydb version %d "
"(MLS) not backwards compatible\n",
p->policyvers);
+ rc = -EINVAL;
goto bad;
}
}
@@ -2332,21 +2333,21 @@ int policydb_read(struct policydb *p, void *fp)
goto bad;
}
- rc = -EINVAL;
info = policydb_lookup_compat(p->policyvers);
if (!info) {
printk(KERN_ERR "SELinux: unable to find policy compat info "
"for version %d\n", p->policyvers);
+ rc = -EINVAL;
goto bad;
}
- rc = -EINVAL;
if (le32_to_cpu(buf[2]) != info->sym_num ||
le32_to_cpu(buf[3]) != info->ocon_num) {
printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do "
"not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
le32_to_cpu(buf[3]),
info->sym_num, info->ocon_num);
+ rc = -EINVAL;
goto bad;
}
@@ -2365,10 +2366,11 @@ int policydb_read(struct policydb *p, void *fp)
p->symtab[i].nprim = nprim;
}
- rc = -EINVAL;
p->process_class = string_to_security_class(p, "process");
- if (!p->process_class)
+ if (!p->process_class) {
+ rc = -EINVAL;
goto bad;
+ }
rc = avtab_read(&p->te_avtab, fp, p);
if (rc)
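Review bot: The `!p->process_class` branch returns -EINVAL without logging anything, unlike the magic, version and table-size checks in the earlier hunks, so a policy rejected here leaves no trace in the kernel log. Since the branch now has braces, a message could go in front of the assignment, e.g. `printk(KERN_ERR "SELinux: policy does not define the process class\n");`. The role_trans and role_allow validity checks and the `!p->process_trans_perms` check in the later hunks are silent in the same way. policydb_read() begins and ends outside this hunk.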
@@ -2386,10 +2388,12 @@ int policydb_read(struct policydb *p, void *fp)
nel = le32_to_cpu(buf[0]);
ltr = NULL;
for (i = 0; i < nel; i++) {
- rc = -ENOMEM;
tr = kzalloc(sizeof(*tr), GFP_KERNEL);
- if (!tr)
+ if (!tr) {
+ rc = -ENOMEM;
goto bad;
+ }
+
if (ltr)
ltr->next = tr;
else
@@ -2398,7 +2402,6 @@ int policydb_read(struct policydb *p, void *fp)
if (rc)
goto bad;
- rc = -EINVAL;
tr->role = le32_to_cpu(buf[0]);
tr->type = le32_to_cpu(buf[1]);
tr->new_role = le32_to_cpu(buf[2]);
@@ -2410,12 +2413,14 @@ int policydb_read(struct policydb *p, void *fp)
} else
tr->tclass = p->process_class;
- rc = -EINVAL;
if (!policydb_role_isvalid(p, tr->role) ||
!policydb_type_isvalid(p, tr->type) ||
!policydb_class_isvalid(p, tr->tclass) ||
- !policydb_role_isvalid(p, tr->new_role))
+ !policydb_role_isvalid(p, tr->new_role)) {
+ rc = -EINVAL;
goto bad;
+ }
+
ltr = tr;
}
@@ -2425,10 +2430,12 @@ int policydb_read(struct policydb *p, void *fp)
nel = le32_to_cpu(buf[0]);
lra = NULL;
for (i = 0; i < nel; i++) {
- rc = -ENOMEM;
ra = kzalloc(sizeof(*ra), GFP_KERNEL);
- if (!ra)
+ if (!ra) {
+ rc = -ENOMEM;
goto bad;
+ }
+
if (lra)
lra->next = ra;
else
@@ -2437,12 +2444,14 @@ int policydb_read(struct policydb *p, void *fp)
if (rc)
goto bad;
- rc = -EINVAL;
ra->role = le32_to_cpu(buf[0]);
ra->new_role = le32_to_cpu(buf[1]);
if (!policydb_role_isvalid(p, ra->role) ||
- !policydb_role_isvalid(p, ra->new_role))
+ !policydb_role_isvalid(p, ra->new_role)) {
+ rc = -EINVAL;
goto bad;
+ }
+
lra = ra;
}
@@ -2454,11 +2463,12 @@ int policydb_read(struct policydb *p, void *fp)
if (rc)
goto bad;
- rc = -EINVAL;
p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition");
p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition");
- if (!p->process_trans_perms)
+ if (!p->process_trans_perms) {
+ rc = -EINVAL;
goto bad;
+ }
rc = ocontext_read(p, info, fp);
if (rc)
@@ -2472,12 +2482,13 @@ int policydb_read(struct policydb *p, void *fp)
if (rc)
goto bad;
- rc = -ENOMEM;
p->type_attr_map_array = flex_array_alloc(sizeof(struct ebitmap),
p->p_types.nprim,
GFP_KERNEL | __GFP_ZERO);
- if (!p->type_attr_map_array)
+ if (!p->type_attr_map_array) {
+ rc = -ENOMEM;
goto bad;
+ }
/* preallocate so we don't have to worry about the put ever failing */
rc = flex_array_prealloc(p->type_attr_map_array, 0, p->p_types.nprim,
--
2.11.0