[PATCH] Smack: user access check bounds

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] Smack: user access check bounds
@ 2012-06-19  2:01 Casey Schaufler
  2012-06-20 22:02 ` Casey Schaufler
  0 siblings, 1 reply; 2+ messages in thread
From: Casey Schaufler @ 2012-06-19  2:01 UTC (permalink / raw)
  To: LKLM, LSM, Casey Schaufler

From: Casey Schaufler <casey@schaufler-ca.com>
Subject: [PATCH] Smack: user access check bounds

Some of the bounds checking used on the /smack/access
interface was lost when support for long labels was
added. No kernel access checks are affected, however
this is a case where /smack/access could be used
incorrectly and fail to detect the error. This patch
reintroduces the original checks.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

---

 security/smack/smackfs.c |   26 ++++++++++++--------------
 1 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 2152965..29b760d 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -215,28 +215,27 @@ static int smk_set_access(struct smack_rule *srp, struct list_head *rule_list,
  * @access: access string
  * @rule: Smack rule
  * @import: if non-zero, import labels
+ * @len: label length limit
  *
  * Returns 0 on success, -1 on failure
  */
 static int smk_fill_rule(const char *subject, const char *object,
 				const char *access, struct smack_rule *rule,
-				int import)
+				int import, int len)
 {
-	int rc = -1;
-	int done;
 	const char *cp;
 	struct smack_known *skp;
 
 	if (import) {
-		rule->smk_subject = smk_import(subject, 0);
+		rule->smk_subject = smk_import(subject, len);
 		if (rule->smk_subject == NULL)
 			return -1;
 
-		rule->smk_object = smk_import(object, 0);
+		rule->smk_object = smk_import(object, len);
 		if (rule->smk_object == NULL)
 			return -1;
 	} else {
-		cp = smk_parse_smack(subject, 0);
+		cp = smk_parse_smack(subject, len);
 		if (cp == NULL)
 			return -1;
 		skp = smk_find_entry(cp);
@@ -245,7 +244,7 @@ static int smk_fill_rule(const char *subject, const char *object,
 			return -1;
 		rule->smk_subject = skp->smk_known;
 
-		cp = smk_parse_smack(object, 0);
+		cp = smk_parse_smack(object, len);
 		if (cp == NULL)
 			return -1;
 		skp = smk_find_entry(cp);
@@ -257,7 +256,7 @@ static int smk_fill_rule(const char *subject, const char *object,
 
 	rule->smk_access = 0;
 
-	for (cp = access, done = 0; *cp && !done; cp++) {
+	for (cp = access; *cp != '\0'; cp++) {
 		switch (*cp) {
 		case '-':
 			break;
@@ -282,13 +281,11 @@ static int smk_fill_rule(const char *subject, const char *object,
 			rule->smk_access |= MAY_TRANSMUTE;
 			break;
 		default:
-			done = 1;
-			break;
+			return 0;
 		}
 	}
-	rc = 0;
 
-	return rc;
+	return 0;
 }
 
 /**
@@ -304,7 +301,8 @@ static int smk_parse_rule(const char *data, struct smack_rule *rule, int import)
 	int rc;
 
 	rc = smk_fill_rule(data, data + SMK_LABELLEN,
-			   data + SMK_LABELLEN + SMK_LABELLEN, rule, import);
+			   data + SMK_LABELLEN + SMK_LABELLEN, rule, import,
+			   SMK_LABELLEN);
 	return rc;
 }
 
@@ -340,7 +338,7 @@ static int smk_parse_long_rule(const char *data, struct smack_rule *rule,
 		goto free_out_o;
 
 	if (sscanf(data, "%s %s %s", subject, object, access) == 3)
-		rc = smk_fill_rule(subject, object, access, rule, import);
+		rc = smk_fill_rule(subject, object, access, rule, import, 0);
 
 	kfree(access);
 free_out_o:



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] Smack: user access check bounds
  2012-06-19  2:01 [PATCH] Smack: user access check bounds Casey Schaufler
@ 2012-06-20 22:02 ` Casey Schaufler
  0 siblings, 0 replies; 2+ messages in thread
From: Casey Schaufler @ 2012-06-20 22:02 UTC (permalink / raw)
  To: Casey Schaufler; +Cc: LKLM, LSM

On 6/18/2012 7:01 PM, Casey Schaufler wrote:
> From: Casey Schaufler <casey@schaufler-ca.com>
> Subject: [PATCH] Smack: user access check bounds
>
> Some of the bounds checking used on the /smack/access
> interface was lost when support for long labels was
> added. No kernel access checks are affected, however
> this is a case where /smack/access could be used
> incorrectly and fail to detect the error. This patch
> reintroduces the original checks.
>
> Targeted for git://git.gitorious.org/smack-next/kernel.git
>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

Applied to git://git.gitorious.org/smack-next/kernel.git
 
>
> ---
>
>  security/smack/smackfs.c |   26 ++++++++++++--------------
>  1 files changed, 12 insertions(+), 14 deletions(-)
>
> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
> index 2152965..29b760d 100644
> --- a/security/smack/smackfs.c
> +++ b/security/smack/smackfs.c
> @@ -215,28 +215,27 @@ static int smk_set_access(struct smack_rule *srp, struct list_head *rule_list,
>   * @access: access string
>   * @rule: Smack rule
>   * @import: if non-zero, import labels
> + * @len: label length limit
>   *
>   * Returns 0 on success, -1 on failure
>   */
>  static int smk_fill_rule(const char *subject, const char *object,
>  				const char *access, struct smack_rule *rule,
> -				int import)
> +				int import, int len)
>  {
> -	int rc = -1;
> -	int done;
>  	const char *cp;
>  	struct smack_known *skp;
>  
>  	if (import) {
> -		rule->smk_subject = smk_import(subject, 0);
> +		rule->smk_subject = smk_import(subject, len);
>  		if (rule->smk_subject == NULL)
>  			return -1;
>  
> -		rule->smk_object = smk_import(object, 0);
> +		rule->smk_object = smk_import(object, len);
>  		if (rule->smk_object == NULL)
>  			return -1;
>  	} else {
> -		cp = smk_parse_smack(subject, 0);
> +		cp = smk_parse_smack(subject, len);
>  		if (cp == NULL)
>  			return -1;
>  		skp = smk_find_entry(cp);
> @@ -245,7 +244,7 @@ static int smk_fill_rule(const char *subject, const char *object,
>  			return -1;
>  		rule->smk_subject = skp->smk_known;
>  
> -		cp = smk_parse_smack(object, 0);
> +		cp = smk_parse_smack(object, len);
>  		if (cp == NULL)
>  			return -1;
>  		skp = smk_find_entry(cp);
> @@ -257,7 +256,7 @@ static int smk_fill_rule(const char *subject, const char *object,
>  
>  	rule->smk_access = 0;
>  
> -	for (cp = access, done = 0; *cp && !done; cp++) {
> +	for (cp = access; *cp != '\0'; cp++) {
>  		switch (*cp) {
>  		case '-':
>  			break;
> @@ -282,13 +281,11 @@ static int smk_fill_rule(const char *subject, const char *object,
>  			rule->smk_access |= MAY_TRANSMUTE;
>  			break;
>  		default:
> -			done = 1;
> -			break;
> +			return 0;
>  		}
>  	}
> -	rc = 0;
>  
> -	return rc;
> +	return 0;
>  }
>  
>  /**
> @@ -304,7 +301,8 @@ static int smk_parse_rule(const char *data, struct smack_rule *rule, int import)
>  	int rc;
>  
>  	rc = smk_fill_rule(data, data + SMK_LABELLEN,
> -			   data + SMK_LABELLEN + SMK_LABELLEN, rule, import);
> +			   data + SMK_LABELLEN + SMK_LABELLEN, rule, import,
> +			   SMK_LABELLEN);
>  	return rc;
>  }
>  
> @@ -340,7 +338,7 @@ static int smk_parse_long_rule(const char *data, struct smack_rule *rule,
>  		goto free_out_o;
>  
>  	if (sscanf(data, "%s %s %s", subject, object, access) == 3)
> -		rc = smk_fill_rule(subject, object, access, rule, import);
> +		rc = smk_fill_rule(subject, object, access, rule, import, 0);
>  
>  	kfree(access);
>  free_out_o:
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2012-06-20 22:02 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-06-19  2:01 [PATCH] Smack: user access check bounds Casey Schaufler
2012-06-20 22:02 ` Casey Schaufler

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox