[PATCH v10 1/4] reiserfs: Add security prefix to xattr name in reiserfs_security_write()

linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: zohar@linux.ibm.com, dmitry.kasatkin@gmail.com,
	paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com,
	stephen.smalley.work@gmail.com, eparis@parisplace.org,
	casey@schaufler-ca.com
Cc: reiserfs-devel@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org, selinux@vger.kernel.org,
	bpf@vger.kernel.org, kpsingh@kernel.org, keescook@chromium.org,
	nicolas.bouchinet@clip-os.org,
	Roberto Sassu <roberto.sassu@huawei.com>,
	stable@vger.kernel.org
Subject: [PATCH v10 1/4] reiserfs: Add security prefix to xattr name in reiserfs_security_write()
Date: Fri, 31 Mar 2023 14:32:18 +0200	[thread overview]
Message-ID: <20230331123221.3273328-2-roberto.sassu@huaweicloud.com> (raw)
In-Reply-To: <20230331123221.3273328-1-roberto.sassu@huaweicloud.com>

From: Roberto Sassu <roberto.sassu@huawei.com>

Reiserfs sets a security xattr at inode creation time in two stages: first,
it calls reiserfs_security_init() to obtain the xattr from active LSMs;
then, it calls reiserfs_security_write() to actually write that xattr.

Unfortunately, it seems there is a wrong expectation that LSMs provide the
full xattr name in the form 'security.<suffix>'. However, LSMs always
provided just the suffix, causing reiserfs to not write the xattr at all
(if the suffix is shorter than the prefix), or to write an xattr with the
wrong name.

Add a temporary buffer in reiserfs_security_write(), and write to it the
full xattr name, before passing it to reiserfs_xattr_set_handle().

Also replace the name length check with a check that the full xattr name is
not larger than XATTR_NAME_MAX.

Cc: stable@vger.kernel.org # v2.6.x
Fixes: 57fe60df6241 ("reiserfs: add atomic addition of selinux attributes during inode creation")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 fs/reiserfs/xattr_security.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c
index 6bffdf9a4fd..6e0a099dd78 100644
--- a/fs/reiserfs/xattr_security.c
+++ b/fs/reiserfs/xattr_security.c
@@ -95,11 +95,15 @@ int reiserfs_security_write(struct reiserfs_transaction_handle *th,
 			    struct inode *inode,
 			    struct reiserfs_security_handle *sec)
 {
+	char xattr_name[XATTR_NAME_MAX + 1] = XATTR_SECURITY_PREFIX;
 	int error;
-	if (strlen(sec->name) < sizeof(XATTR_SECURITY_PREFIX))
+
+	if (XATTR_SECURITY_PREFIX_LEN + strlen(sec->name) > XATTR_NAME_MAX)
 		return -EINVAL;
 
-	error = reiserfs_xattr_set_handle(th, inode, sec->name, sec->value,
+	strlcat(xattr_name, sec->name, sizeof(xattr_name));
+
+	error = reiserfs_xattr_set_handle(th, inode, xattr_name, sec->value,
 					  sec->length, XATTR_CREATE);
 	if (error == -ENODATA || error == -EOPNOTSUPP)
 		error = 0;
-- 
2.25.1

next prev parent reply	other threads:[~2023-03-31 12:33 UTC|newest]

Thread overview: 44+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-03-31 12:32 [PATCH v10 0/4] evm: Do HMAC of multiple per LSM xattrs for new inodes Roberto Sassu
2023-03-31 12:32 ` Roberto Sassu [this message]
2023-04-04 18:25   ` [PATCH v10 1/4] reiserfs: Add security prefix to xattr name in reiserfs_security_write() Paul Moore
2023-03-31 12:32 ` [PATCH v10 2/4] security: Allow all LSMs to provide xattrs for inode_init_security hook Roberto Sassu
2023-04-04 18:54   ` Paul Moore
2023-04-05  2:08     ` Casey Schaufler
2023-04-05  9:43       ` Roberto Sassu
2023-04-05 19:59         ` Paul Moore
2023-04-05 20:43           ` Casey Schaufler
2023-04-05 20:49             ` Paul Moore
2023-04-05 21:07               ` Casey Schaufler
2023-04-06  9:14                 ` Roberto Sassu
2023-04-06 16:17                   ` Casey Schaufler
2023-04-06  9:08             ` Roberto Sassu
2023-04-11  7:22   ` Mimi Zohar
2023-04-11  7:53     ` Roberto Sassu
2023-04-11 16:42       ` Casey Schaufler
2023-04-11 17:23         ` [PATCH] Smack modifications for: " Roberto Sassu
2023-04-11 17:54           ` Casey Schaufler
2023-04-12  7:22             ` Roberto Sassu
2023-04-12 20:29               ` Casey Schaufler
2023-04-13  7:11                 ` Roberto Sassu
2023-04-17 16:41                   ` Casey Schaufler
2023-04-18  7:05                     ` Roberto Sassu
2023-04-18 16:02                       ` Casey Schaufler
2023-04-19 13:46                         ` Roberto Sassu
2023-04-19 19:25                           ` Mengchi Cheng
2023-04-20  8:48                             ` Roberto Sassu
2023-05-08 12:29                               ` Roberto Sassu
2023-05-09 23:44                                 ` Mengchi Cheng
2023-05-09 23:56                                   ` Casey Schaufler
2023-04-19 21:00                           ` Casey Schaufler
2023-04-20  8:50                             ` Roberto Sassu
2023-04-20 10:44                               ` Mimi Zohar
2023-04-20 14:10                                 ` Roberto Sassu
2023-04-11 17:25         ` [PATCH v10 2/4] " Roberto Sassu
2023-04-11 17:40           ` Casey Schaufler
2023-03-31 12:32 ` [PATCH v10 3/4] evm: Align evm_inode_init_security() definition with LSM infrastructure Roberto Sassu
2023-04-04 18:56   ` Paul Moore
2023-04-11  7:22   ` Mimi Zohar
2023-04-11  7:58     ` Roberto Sassu
2023-03-31 12:32 ` [PATCH v10 4/4] evm: Support multiple LSMs providing an xattr Roberto Sassu
2023-04-11  7:22   ` Mimi Zohar
2023-04-03 10:36 ` [PATCH v10 0/4] evm: Do HMAC of multiple per LSM xattrs for new inodes Mimi Zohar

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:6bffdf9a4f dfblob:6e0a099dd7 )
 OR (
bs:"[PATCH v10 1/4] reiserfs: Add security prefix to xattr name in reiserfs_security_write()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230331123221.3273328-2-roberto.sassu@huaweicloud.com \
    --to=roberto.sassu@huaweicloud.com \
    --cc=bpf@vger.kernel.org \
    --cc=casey@schaufler-ca.com \
    --cc=dmitry.kasatkin@gmail.com \
    --cc=eparis@parisplace.org \
    --cc=jmorris@namei.org \
    --cc=keescook@chromium.org \
    --cc=kpsingh@kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=nicolas.bouchinet@clip-os.org \
    --cc=paul@paul-moore.com \
    --cc=reiserfs-devel@vger.kernel.org \
    --cc=roberto.sassu@huawei.com \
    --cc=selinux@vger.kernel.org \
    --cc=serge@hallyn.com \
    --cc=stable@vger.kernel.org \
    --cc=stephen.smalley.work@gmail.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).