[PATCH] selftests/capabilities: Fix possible file leak in copy_fromat

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] selftests/capabilities: Fix possible file leak in copy_fromat_to
@ 2024-06-26  7:20 Ma Ke
  2024-06-26 13:16 ` Markus Elfring
  2024-06-26 19:33 ` Shuah Khan
  0 siblings, 2 replies; 4+ messages in thread
From: Ma Ke @ 2024-06-26  7:20 UTC (permalink / raw)
  To: shuah, usama.anjum, amer.shanawany, make24, swarupkotikalapudi,
	kees, luto, akpm
  Cc: linux-kselftest, linux-kernel

The open() function returns -1 on error. openat() and open() initialize
'from' and 'to', and only 'from' validated with 'if' statement. If the
initialization of variable 'to' fails, we should better check the value
of 'to' and close 'from' to avoid possible file leak.

Fixes: 32ae976ed3b5 ("selftests/capabilities: Add tests for capability evolution")
Signed-off-by: Ma Ke <make24@iscas.ac.cn>
---
Found this error through static analysis.
---
 tools/testing/selftests/capabilities/test_execve.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/testing/selftests/capabilities/test_execve.c b/tools/testing/selftests/capabilities/test_execve.c
index 47bad7ddc5bc..de187eff177d 100644
--- a/tools/testing/selftests/capabilities/test_execve.c
+++ b/tools/testing/selftests/capabilities/test_execve.c
@@ -149,6 +149,10 @@ static void copy_fromat_to(int fromfd, const char *fromname, const char *toname)
 		ksft_exit_fail_msg("open copy source - %s\n", strerror(errno));
 
 	int to = open(toname, O_CREAT | O_WRONLY | O_EXCL, 0700);
+	if (to == -1) {
+		close(from);
+		ksft_exit_fail_msg("open copy destination - %s\n", strerror(errno));
+	}
 
 	while (true) {
 		char buf[4096];
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH] selftests/capabilities: Fix possible file leak in copy_fromat_to
  2024-06-26  7:20 [PATCH] selftests/capabilities: Fix possible file leak in copy_fromat_to Ma Ke
@ 2024-06-26 13:16 ` Markus Elfring
  2024-06-26 19:33 ` Shuah Khan
  1 sibling, 0 replies; 4+ messages in thread
From: Markus Elfring @ 2024-06-26 13:16 UTC (permalink / raw)
  To: Ma Ke, linux-kselftest, Amer Al Shanawany, Andrew Morton,
	Andy Lutomirski, Kees Cook, Muhammad Usama Anjum, Shuah Khan,
	Swarup Laxman Kotiaklapudi
  Cc: LKML

>                                        … openat() and open() initialize
> 'from' and 'to', and only 'from' validated with 'if' statement.

Why do find such information helpful?

>                                                                 If the
> initialization of variable 'to' fails,

The variable assignment will usually succeed.
A stored return value would eventually indicate a failed function call.

>                                        we should better check the value
> of 'to' and close 'from' to avoid possible file leak.

Please improve the change description with an imperative wording.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?h=v6.10-rc5#n94

How do you think about to use a summary phrase like “Complete error handling
in copy_fromat_to()”?

…
> ---
> Found this error through static analysis.
> ---

* Were any special tools involved?

* Would you like to replace a duplicate marker line by a blank line?

Regards,
Markus

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] selftests/capabilities: Fix possible file leak in copy_fromat_to
  2024-06-26  7:20 [PATCH] selftests/capabilities: Fix possible file leak in copy_fromat_to Ma Ke
  2024-06-26 13:16 ` Markus Elfring
@ 2024-06-26 19:33 ` Shuah Khan
  2024-06-26 19:37   ` Shuah Khan
  1 sibling, 1 reply; 4+ messages in thread
From: Shuah Khan @ 2024-06-26 19:33 UTC (permalink / raw)
  To: Ma Ke, shuah, usama.anjum, amer.shanawany, swarupkotikalapudi,
	kees, luto, akpm
  Cc: linux-kselftest, linux-kernel, Shuah Khan

On 6/26/24 01:20, Ma Ke wrote:
> The open() function returns -1 on error. openat() and open() initialize
> 'from' and 'to', and only 'from' validated with 'if' statement. If the
> initialization of variable 'to' fails, we should better check the value
> of 'to' and close 'from' to avoid possible file leak.
> 
> Fixes: 32ae976ed3b5 ("selftests/capabilities: Add tests for capability evolution")
> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
> ---
> Found this error through static analysis.

Please add this line to change adding details about the tool you used
to find this problem.

> ---
>   tools/testing/selftests/capabilities/test_execve.c | 4 ++++
>   1 file changed, 4 insertions(+)
> 
> diff --git a/tools/testing/selftests/capabilities/test_execve.c b/tools/testing/selftests/capabilities/test_execve.c
> index 47bad7ddc5bc..de187eff177d 100644
> --- a/tools/testing/selftests/capabilities/test_execve.c
> +++ b/tools/testing/selftests/capabilities/test_execve.c
> @@ -149,6 +149,10 @@ static void copy_fromat_to(int fromfd, const char *fromname, const char *toname)
>   		ksft_exit_fail_msg("open copy source - %s\n", strerror(errno));
>   
>   	int to = open(toname, O_CREAT | O_WRONLY | O_EXCL, 0700);
> +	if (to == -1) {

Changing this check to < instead of checking for just -1 can catch
other error returns.

> +		close(from);
> +		ksft_exit_fail_msg("open copy destination - %s\n", strerror(errno));
> +	}
>   
>   	while (true) {
>   		char buf[4096];

thanks,
-- Shuah


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH] selftests/capabilities: Fix possible file leak in copy_fromat_to
  2024-06-26 19:33 ` Shuah Khan
@ 2024-06-26 19:37   ` Shuah Khan
  0 siblings, 0 replies; 4+ messages in thread
From: Shuah Khan @ 2024-06-26 19:37 UTC (permalink / raw)
  To: Ma Ke, shuah, usama.anjum, amer.shanawany, swarupkotikalapudi,
	kees, luto, akpm
  Cc: linux-kselftest, linux-kernel, Shuah Khan

On 6/26/24 13:33, Shuah Khan wrote:
> On 6/26/24 01:20, Ma Ke wrote:
>> The open() function returns -1 on error. openat() and open() initialize
>> 'from' and 'to', and only 'from' validated with 'if' statement. If the
>> initialization of variable 'to' fails, we should better check the value
>> of 'to' and close 'from' to avoid possible file leak.
>>
>> Fixes: 32ae976ed3b5 ("selftests/capabilities: Add tests for capability evolution")
>> Signed-off-by: Ma Ke <make24@iscas.ac.cn>
>> ---
>> Found this error through static analysis.
> 
> Please add this line to change adding details about the tool you used
> to find this problem.
> 
>> ---
>>   tools/testing/selftests/capabilities/test_execve.c | 4 ++++
>>   1 file changed, 4 insertions(+)
>>
>> diff --git a/tools/testing/selftests/capabilities/test_execve.c b/tools/testing/selftests/capabilities/test_execve.c
>> index 47bad7ddc5bc..de187eff177d 100644
>> --- a/tools/testing/selftests/capabilities/test_execve.c
>> +++ b/tools/testing/selftests/capabilities/test_execve.c
>> @@ -149,6 +149,10 @@ static void copy_fromat_to(int fromfd, const char *fromname, const char *toname)
>>           ksft_exit_fail_msg("open copy source - %s\n", strerror(errno));
>>       int to = open(toname, O_CREAT | O_WRONLY | O_EXCL, 0700);
>> +    if (to == -1) {
> 
> Changing this check to < instead of checking for just -1 can catch
> other error returns.

While you are fining this, can you fix this as well:

  int from = openat(fromfd, fromname, O_RDONLY);
         if (from == -1)
                 ksft_exit_fail_msg("open copy source - %s\n", strerror(errno));

Same change to check for <

thanks,
-- Shuah




^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-06-26 19:37 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-06-26  7:20 [PATCH] selftests/capabilities: Fix possible file leak in copy_fromat_to Ma Ke
2024-06-26 13:16 ` Markus Elfring
2024-06-26 19:33 ` Shuah Khan
2024-06-26 19:37   ` Shuah Khan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox