net: corrections for security_secid_to_secctx returns

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

security_secid_to_secctx() returns the size of the new context,
whereas previous versions provided that via a pointer parameter.
Correct the type of the value returned in nfqnl_get_sk_secctx()
and the check for error in netlbl_unlhsh_add(). Add an error
check.

Fixes: 2d470c778120 ("lsm: replace context+len with lsm_context")
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

authored by

Casey Schaufler and committed by

Paul Moore 1 year ago 3b44cd09 b00083ae

+10 -8

2 changed files

expand all

net

netfilter

nfnetlink_queue.c

netlabel

netlabel_unlabeled.c

+7 -5

net/netfilter/nfnetlink_queue.c

··· 470 470 return 0; 471 471 } 472 472 473 - static u32 nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsm_context *ctx) 473 + static int nfqnl_get_sk_secctx(struct sk_buff *skb, struct lsm_context *ctx) 474 474 { 475 - u32 seclen = 0; 475 + int seclen = 0; 476 476 #if IS_ENABLED(CONFIG_NETWORK_SECMARK) 477 477 478 478 if (!skb || !sk_fullsock(skb->sk)) ··· 568 568 const struct nfnl_ct_hook *nfnl_ct; 569 569 bool csum_verify; 570 570 struct lsm_context ctx; 571 - u32 seclen = 0; 571 + int seclen = 0; 572 572 ktime_t tstamp; 573 573 574 574 size = nlmsg_total_size(sizeof(struct nfgenmsg)) ··· 643 643 644 644 if ((queue->flags & NFQA_CFG_F_SECCTX) && entskb->sk) { 645 645 seclen = nfqnl_get_sk_secctx(entskb, &ctx); 646 - if (seclen >= 0) 646 + if (seclen < 0) 647 + return NULL; 648 + if (seclen) 647 649 size += nla_total_size(seclen); 648 650 } 649 651 ··· 784 782 if (nfqnl_put_sk_classid(skb, entskb->sk) < 0) 785 783 goto nla_put_failure; 786 784 787 - if (seclen && nla_put(skb, NFQA_SECCTX, ctx.len, ctx.context)) 785 + if (seclen > 0 && nla_put(skb, NFQA_SECCTX, ctx.len, ctx.context)) 788 786 goto nla_put_failure; 789 787 790 788 if (ct && nfnl_ct->build(skb, ct, ctinfo, NFQA_CT, NFQA_CT_INFO) < 0)

+3 -3

net/netlabel/netlabel_unlabeled.c

··· 437 437 unlhsh_add_return: 438 438 rcu_read_unlock(); 439 439 if (audit_buf != NULL) { 440 - if (security_secid_to_secctx(secid, &ctx) == 0) { 440 + if (security_secid_to_secctx(secid, &ctx) >= 0) { 441 441 audit_log_format(audit_buf, " sec_obj=%s", ctx.context); 442 442 security_release_secctx(&ctx); 443 443 } ··· 490 490 addr->s_addr, mask->s_addr); 491 491 dev_put(dev); 492 492 if (entry != NULL && 493 - security_secid_to_secctx(entry->secid, &ctx) == 0) { 493 + security_secid_to_secctx(entry->secid, &ctx) >= 0) { 494 494 audit_log_format(audit_buf, " sec_obj=%s", ctx.context); 495 495 security_release_secctx(&ctx); 496 496 } ··· 548 548 addr, mask); 549 549 dev_put(dev); 550 550 if (entry != NULL && 551 - security_secid_to_secctx(entry->secid, &ctx) == 0) { 551 + security_secid_to_secctx(entry->secid, &ctx) >= 0) { 552 552 audit_log_format(audit_buf, " sec_obj=%s", ctx.context); 553 553 security_release_secctx(&ctx); 554 554 }