[PATCH] sanitize security_getprocattr() API
have it return the buffer it had allocated

Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent
c4823bce03
commit
04ff97086b
|
@ -1558,29 +1558,20 @@ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf,
|
||||||
size_t count, loff_t *ppos)
|
size_t count, loff_t *ppos)
|
||||||
{
|
{
|
||||||
struct inode * inode = file->f_path.dentry->d_inode;
|
struct inode * inode = file->f_path.dentry->d_inode;
|
||||||
unsigned long page;
|
char *p = NULL;
|
||||||
ssize_t length;
|
ssize_t length;
|
||||||
struct task_struct *task = get_proc_task(inode);
|
struct task_struct *task = get_proc_task(inode);
|
||||||
|
|
||||||
length = -ESRCH;
|
|
||||||
if (!task)
|
if (!task)
|
||||||
goto out_no_task;
|
return -ESRCH;
|
||||||
|
|
||||||
if (count > PAGE_SIZE)
|
|
||||||
count = PAGE_SIZE;
|
|
||||||
length = -ENOMEM;
|
|
||||||
if (!(page = __get_free_page(GFP_KERNEL)))
|
|
||||||
goto out;
|
|
||||||
|
|
||||||
length = security_getprocattr(task,
|
length = security_getprocattr(task,
|
||||||
(char*)file->f_path.dentry->d_name.name,
|
(char*)file->f_path.dentry->d_name.name,
|
||||||
(void*)page, count);
|
&p);
|
||||||
if (length >= 0)
|
|
||||||
length = simple_read_from_buffer(buf, count, ppos, (char *)page, length);
|
|
||||||
free_page(page);
|
|
||||||
out:
|
|
||||||
put_task_struct(task);
|
put_task_struct(task);
|
||||||
out_no_task:
|
if (length > 0)
|
||||||
|
length = simple_read_from_buffer(buf, count, ppos, p, length);
|
||||||
|
kfree(p);
|
||||||
return length;
|
return length;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
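Review bot: `kfree(p)` at the end of proc_pid_attr_read() now frees whatever the hook stored through `&p`, so the allocation contract is load-bearing, yet none of the visible lines state it. A security module that stores a pointer not obtained from kmalloc(), or one it still references, would have it freed here. I would document the contract at the `getprocattr` member of `struct security_operations` and at the `security_getprocattr()` wrapper, for example `/* Returns the length and stores a kmalloc()ed buffer in *value, which the caller must kfree(); on failure *value is left untouched or NULL. */`. The `count > PAGE_SIZE` clamp is also gone, so the amount copied out is now bounded by the length the hook returns rather than by one page. That looks intended, since simple_read_from_buffer() is given that length as the available size, but it is worth confirming for modules that can return large attributes.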
@ -1324,7 +1324,7 @@ struct security_operations {
|
||||||
|
|
||||||
void (*d_instantiate) (struct dentry *dentry, struct inode *inode);
|
void (*d_instantiate) (struct dentry *dentry, struct inode *inode);
|
||||||
|
|
||||||
int (*getprocattr)(struct task_struct *p, char *name, void *value, size_t size);
|
int (*getprocattr)(struct task_struct *p, char *name, char **value);
|
||||||
int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size);
|
int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size);
|
||||||
int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
|
int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
|
||||||
void (*release_secctx)(char *secdata, u32 seclen);
|
void (*release_secctx)(char *secdata, u32 seclen);
|
||||||
|
@ -2092,9 +2092,9 @@ static inline void security_d_instantiate (struct dentry *dentry, struct inode *
|
||||||
security_ops->d_instantiate (dentry, inode);
|
security_ops->d_instantiate (dentry, inode);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_getprocattr(struct task_struct *p, char *name, void *value, size_t size)
|
static inline int security_getprocattr(struct task_struct *p, char *name, char **value)
|
||||||
{
|
{
|
||||||
return security_ops->getprocattr(p, name, value, size);
|
return security_ops->getprocattr(p, name, value);
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
|
static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
|
||||||
|
@ -2749,7 +2749,7 @@ static inline int security_sem_semop (struct sem_array * sma,
|
||||||
static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode)
|
static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode)
|
||||||
{ }
|
{ }
|
||||||
|
|
||||||
static inline int security_getprocattr(struct task_struct *p, char *name, void *value, size_t size)
|
static inline int security_getprocattr(struct task_struct *p, char *name, char **value)
|
||||||
{
|
{
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
|
@ -907,7 +907,7 @@ static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int dummy_getprocattr(struct task_struct *p, char *name, void *value, size_t size)
|
static int dummy_getprocattr(struct task_struct *p, char *name, char **value)
|
||||||
{
|
{
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
|
@ -4468,11 +4468,12 @@ static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode)
|
||||||
}
|
}
|
||||||
|
|
||||||
static int selinux_getprocattr(struct task_struct *p,
|
static int selinux_getprocattr(struct task_struct *p,
|
||||||
char *name, void *value, size_t size)
|
char *name, char **value)
|
||||||
{
|
{
|
||||||
struct task_security_struct *tsec;
|
struct task_security_struct *tsec;
|
||||||
u32 sid;
|
u32 sid;
|
||||||
int error;
|
int error;
|
||||||
|
unsigned len;
|
||||||
|
|
||||||
if (current != p) {
|
if (current != p) {
|
||||||
error = task_has_perm(current, p, PROCESS__GETATTR);
|
error = task_has_perm(current, p, PROCESS__GETATTR);
|
||||||
|
@ -4500,7 +4501,10 @@ static int selinux_getprocattr(struct task_struct *p,
|
||||||
if (!sid)
|
if (!sid)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
return selinux_getsecurity(sid, value, size);
|
error = security_sid_to_context(sid, value, &len);
|
||||||
|
if (error)
|
||||||
|
return error;
|
||||||
|
return len;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int selinux_setprocattr(struct task_struct *p,
|
static int selinux_setprocattr(struct task_struct *p,
|
||||||
|
|
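Review bot: selinux_getprocattr() never writes `*value` on its early returns (the `if (!sid) return 0;` path here, and presumably the error returns outside these hunks), so it is safe only because the one visible caller initialises `char *p = NULL` before the call. Adding `*value = NULL;` at the top of the function would keep the hook safe for any caller that frees the result unconditionally. Separately, `len` is declared `unsigned` but returned as `int`, so a short comment that context lengths stay far below INT_MAX, or an explicit check, would rule out a large length being read as an error code. The function body starts and continues outside these hunks, and whether security_sid_to_context() leaves `*value` untouched on failure cannot be seen from here.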