Commit 817d914d authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'selinux-pr-20200621' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux 

Pull SELinux fixes from Paul Moore:
 "Three small patches to fix problems in the SELinux code, all found via
  clang.

  Two patches fix potential double-free conditions and one fixes an
  undefined return value"

* tag 'selinux-pr-20200621' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: fix undefined return of cond_evaluate_expr
  selinux: fix a double free in cond_read_node()/cond_read_list()
  selinux: fix double free
parents 16f4aa9b 8231b0b9

security/selinux/ss/conditional.c

+8 −13
Original line number Diff line number Diff line
@@ -27,6 +27,9 @@ static int cond_evaluate_expr(struct policydb *p, struct cond_expr *expr) 
	int s[COND_EXPR_MAXDEPTH];

	int sp = -1;



	if (expr->len == 0)

		return -1;



	for (i = 0; i < expr->len; i++) {

		struct cond_expr_node *node = &expr->nodes[i];
@@ -392,27 +395,19 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp) 


		rc = next_entry(buf, fp, sizeof(u32) * 2);

		if (rc)

			goto err;

			return rc;



		expr->expr_type = le32_to_cpu(buf[0]);

		expr->bool = le32_to_cpu(buf[1]);



		if (!expr_node_isvalid(p, expr)) {

			rc = -EINVAL;

			goto err;

		}

		if (!expr_node_isvalid(p, expr))

			return -EINVAL;

	}



	rc = cond_read_av_list(p, fp, &node->true_list, NULL);

	if (rc)

		goto err;

	rc = cond_read_av_list(p, fp, &node->false_list, &node->true_list);

	if (rc)

		goto err;

	return 0;

err:

	cond_node_destroy(node);

		return rc;

	return cond_read_av_list(p, fp, &node->false_list, &node->true_list);

}



int cond_read_list(struct policydb *p, void *fp)

security/selinux/ss/services.c

+4 −0
Original line number Diff line number Diff line
@@ -2888,8 +2888,12 @@ err: 
	if (*names) {

		for (i = 0; i < *len; i++)

			kfree((*names)[i]);

		kfree(*names);

	}

	kfree(*values);

	*len = 0;

	*names = NULL;

	*values = NULL;

	goto out;

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE