diff options
Diffstat (limited to 'net-netlabel-cope-with-NULL-catmap.patch')
| -rw-r--r-- | net-netlabel-cope-with-NULL-catmap.patch | 95 |
1 files changed, 0 insertions, 95 deletions
diff --git a/net-netlabel-cope-with-NULL-catmap.patch b/net-netlabel-cope-with-NULL-catmap.patch deleted file mode 100644 index 06a915121..000000000 --- a/net-netlabel-cope-with-NULL-catmap.patch +++ /dev/null @@ -1,95 +0,0 @@ -From MAILER-DAEMON Tue May 12 19:31:23 2020 -From: Paolo Abeni <pabeni@redhat.com> -To: netdev@vger.kernel.org -Cc: "David S. Miller" <davem@davemloft.net>, Jakub Kicinski <kuba@kernel.org>, linux-security-module@vger.kernel.org, Paul Moore <paul@paul-moore.com>, ppandit@redhat.com, Matthew Sheets <matthew.sheets@gd-ms.com> -Subject: [PATCH net] netlabel: cope with NULL catmap -Date: Tue, 12 May 2020 14:43:14 +0200 -Message-Id: <07d99ae197bfdb2964931201db67b6cd0b38db5b.1589276729.git.pabeni@redhat.com> -Sender: owner-linux-security-module@vger.kernel.org -List-ID: <linux-security-module.vger.kernel.org> -MIME-Version: 1.0 -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 7bit - -The cipso and calipso code can set the MLS_CAT attribute on -successful parsing, even if the corresponding catmap has -not been allocated, as per current configuration and external -input. - -Later, selinux code tries to access the catmap if the MLS_CAT flag -is present via netlbl_catmap_getlong(). That may cause null ptr -dereference while processing incoming network traffic. - -Address the issue setting the MLS_CAT flag only if the catmap is -really allocated. Additionally let netlbl_catmap_getlong() cope -with NULL catmap. - -Fixes: ceba1832b1b2 ("calipso: Set the calipso socket label to match the secattr.") -Fixes: 4b8feff251da ("netlabel: fix the horribly broken catmap functions") -Reported-by: Matthew Sheets <matthew.sheets@gd-ms.com> -Signed-off-by: Paolo Abeni <pabeni@redhat.com> ---- - net/ipv4/cipso_ipv4.c | 6 ++++-- - net/ipv6/calipso.c | 3 ++- - net/netlabel/netlabel_kapi.c | 6 ++++++ - 3 files changed, 12 insertions(+), 3 deletions(-) - -diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c -index 0bd10a1f477f..a23094b050f8 100644 ---- a/net/ipv4/cipso_ipv4.c -+++ b/net/ipv4/cipso_ipv4.c -@@ -1258,7 +1258,8 @@ static int cipso_v4_parsetag_rbm(const struct cipso_v4_doi *doi_def, - return ret_val; - } - -- secattr->flags |= NETLBL_SECATTR_MLS_CAT; -+ if (secattr->attr.mls.cat) -+ secattr->flags |= NETLBL_SECATTR_MLS_CAT; - } - - return 0; -@@ -1439,7 +1440,8 @@ static int cipso_v4_parsetag_rng(const struct cipso_v4_doi *doi_def, - return ret_val; - } - -- secattr->flags |= NETLBL_SECATTR_MLS_CAT; -+ if (secattr->attr.mls.cat) -+ secattr->flags |= NETLBL_SECATTR_MLS_CAT; - } - - return 0; -diff --git a/net/ipv6/calipso.c b/net/ipv6/calipso.c -index 221c81f85cbf..8d3f66c310db 100644 ---- a/net/ipv6/calipso.c -+++ b/net/ipv6/calipso.c -@@ -1047,7 +1047,8 @@ static int calipso_opt_getattr(const unsigned char *calipso, - goto getattr_return; - } - -- secattr->flags |= NETLBL_SECATTR_MLS_CAT; -+ if (secattr->attr.mls.cat) -+ secattr->flags |= NETLBL_SECATTR_MLS_CAT; - } - - secattr->type = NETLBL_NLTYPE_CALIPSO; -diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c -index 409a3ae47ce2..5e1239cef000 100644 ---- a/net/netlabel/netlabel_kapi.c -+++ b/net/netlabel/netlabel_kapi.c -@@ -734,6 +734,12 @@ int netlbl_catmap_getlong(struct netlbl_lsm_catmap *catmap, - if ((off & (BITS_PER_LONG - 1)) != 0) - return -EINVAL; - -+ /* a null catmap is equivalent to an empty one */ -+ if (!catmap) { -+ *offset = (u32)-1; -+ return 0; -+ } -+ - if (off < catmap->startbit) { - off = catmap->startbit; - *offset = off; --- -2.21.3 - - |