UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi 

syzbot is reporting UAF at cipso_v4_doi_search() [1], for smk_cipso_doi()
is calling kfree() without removing from the cipso_v4_doi_list list after
netlbl_cfg_cipsov4_map_add() returned an error. We need to use
netlbl_cfg_cipsov4_del() in order to remove from the list and wait for
RCU grace period before kfree().

Link: https://syzkaller.appspot.com/bug?extid=93dba5b91f0fed312cbd [1]
Reported-by: syzbot <syzbot+93dba5b91f0fed312cbd@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes: 6c2e8ac095 ("netlabel: Update kernel configuration API")
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
This commit is contained in:
Tetsuo Handa 2021-10-19 20:27:26 +09:00 committed by Casey Schaufler
parent f91488ee15
commit 0934ad42bb
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
security/smack/smackfs.c
View File

@ -712,7 +712,7 @@ static void smk_cipso_doi(void)
if (rc != 0) { if (rc != 0) {
printk(KERN_WARNING "%s:%d map add rc = %d\n", printk(KERN_WARNING "%s:%d map add rc = %d\n",
__func__, __LINE__, rc); __func__, __LINE__, rc);
kfree(doip); netlbl_cfg_cipsov4_del(doip->doi, &nai);
return; return;
} }
} }