Commit 04ff9708 authored by Al Viro's avatar Al Viro Committed by Linus Torvalds

[PATCH] sanitize security_getprocattr() API

have it return the buffer it had allocated
Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Acked-by: default avatarJames Morris <jmorris@namei.org>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent c4823bce
...@@ -1558,29 +1558,20 @@ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf, ...@@ -1558,29 +1558,20 @@ static ssize_t proc_pid_attr_read(struct file * file, char __user * buf,
size_t count, loff_t *ppos) size_t count, loff_t *ppos)
{ {
struct inode * inode = file->f_path.dentry->d_inode; struct inode * inode = file->f_path.dentry->d_inode;
unsigned long page; char *p = NULL;
ssize_t length; ssize_t length;
struct task_struct *task = get_proc_task(inode); struct task_struct *task = get_proc_task(inode);
length = -ESRCH;
if (!task) if (!task)
goto out_no_task; return -ESRCH;
if (count > PAGE_SIZE)
count = PAGE_SIZE;
length = -ENOMEM;
if (!(page = __get_free_page(GFP_KERNEL)))
goto out;
length = security_getprocattr(task, length = security_getprocattr(task,
(char*)file->f_path.dentry->d_name.name, (char*)file->f_path.dentry->d_name.name,
(void*)page, count); &p);
if (length >= 0)
length = simple_read_from_buffer(buf, count, ppos, (char *)page, length);
free_page(page);
out:
put_task_struct(task); put_task_struct(task);
out_no_task: if (length > 0)
length = simple_read_from_buffer(buf, count, ppos, p, length);
kfree(p);
return length; return length;
} }
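Review bot: The new tail of proc_pid_attr_read trusts the hook on two points that nothing here checks: that a positive `length` always comes with a valid buffer of at least that size in `p`, and that a failing hook never leaves a pointer in `p` that it has already released. A cheap guard is `if (length > 0 && p)` before the copy, plus a comment on the declaration such as `/* allocated by the LSM hook; owned and kfree()d here */`. With the `count > PAGE_SIZE` clamp removed, the size of the per-read allocation is now decided entirely by the hook. That appears safe for the copy to user space, assuming simple_read_from_buffer bounds it by both `count` and `length`, but the hook implementations should be confirmed to keep the size small.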
......
...@@ -1324,7 +1324,7 @@ struct security_operations { ...@@ -1324,7 +1324,7 @@ struct security_operations {
void (*d_instantiate) (struct dentry *dentry, struct inode *inode); void (*d_instantiate) (struct dentry *dentry, struct inode *inode);
int (*getprocattr)(struct task_struct *p, char *name, void *value, size_t size); int (*getprocattr)(struct task_struct *p, char *name, char **value);
int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size); int (*setprocattr)(struct task_struct *p, char *name, void *value, size_t size);
int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen); int (*secid_to_secctx)(u32 secid, char **secdata, u32 *seclen);
void (*release_secctx)(char *secdata, u32 seclen); void (*release_secctx)(char *secdata, u32 seclen);
...@@ -2092,9 +2092,9 @@ static inline void security_d_instantiate (struct dentry *dentry, struct inode * ...@@ -2092,9 +2092,9 @@ static inline void security_d_instantiate (struct dentry *dentry, struct inode *
security_ops->d_instantiate (dentry, inode); security_ops->d_instantiate (dentry, inode);
} }
static inline int security_getprocattr(struct task_struct *p, char *name, void *value, size_t size) static inline int security_getprocattr(struct task_struct *p, char *name, char **value)
{ {
return security_ops->getprocattr(p, name, value, size); return security_ops->getprocattr(p, name, value);
} }
static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size) static inline int security_setprocattr(struct task_struct *p, char *name, void *value, size_t size)
...@@ -2749,7 +2749,7 @@ static inline int security_sem_semop (struct sem_array * sma, ...@@ -2749,7 +2749,7 @@ static inline int security_sem_semop (struct sem_array * sma,
static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode) static inline void security_d_instantiate (struct dentry *dentry, struct inode *inode)
{ } { }
static inline int security_getprocattr(struct task_struct *p, char *name, void *value, size_t size) static inline int security_getprocattr(struct task_struct *p, char *name, char **value)
{ {
return -EINVAL; return -EINVAL;
} }
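Review bot: The new `getprocattr` member in struct security_operations (first hunk of this section) changes buffer ownership, yet no visible line states the contract that every security module now has to honour. I would add a comment at the declaration along the lines of `/* on success returns the length and stores a kfree()-able buffer in *value, which the caller frees; on error *value must not be left pointing at freed memory */`. The same applies to the two security_getprocattr() inline wrappers, where the `-EINVAL` stub is correct only because it leaves `*value` untouched. `setprocattr` keeps the `void *value, size_t size` form, so the two hooks are no longer symmetric, which is worth a word in the same comment.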
......
...@@ -907,7 +907,7 @@ static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode) ...@@ -907,7 +907,7 @@ static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode)
return; return;
} }
static int dummy_getprocattr(struct task_struct *p, char *name, void *value, size_t size) static int dummy_getprocattr(struct task_struct *p, char *name, char **value)
{ {
return -EINVAL; return -EINVAL;
} }
......
...@@ -4468,11 +4468,12 @@ static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode) ...@@ -4468,11 +4468,12 @@ static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode)
} }
static int selinux_getprocattr(struct task_struct *p, static int selinux_getprocattr(struct task_struct *p,
char *name, void *value, size_t size) char *name, char **value)
{ {
struct task_security_struct *tsec; struct task_security_struct *tsec;
u32 sid; u32 sid;
int error; int error;
unsigned len;
if (current != p) { if (current != p) {
error = task_has_perm(current, p, PROCESS__GETATTR); error = task_has_perm(current, p, PROCESS__GETATTR);
...@@ -4500,7 +4501,10 @@ static int selinux_getprocattr(struct task_struct *p, ...@@ -4500,7 +4501,10 @@ static int selinux_getprocattr(struct task_struct *p,
if (!sid) if (!sid)
return 0; return 0;
return selinux_getsecurity(sid, value, size); error = security_sid_to_context(sid, value, &len);
if (error)
return error;
return len;
} }
static int selinux_setprocattr(struct task_struct *p, static int selinux_setprocattr(struct task_struct *p,
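Review bot: At the end of selinux_getprocattr, `return len;` passes an `unsigned` through an `int` return type, so the conversion is implicit and the visible lines do not bound it. Declaring `len` as `u32` to match the callee's type (assuming it takes a `u32 *`, as `secid_to_secctx` in the header hunk does) and adding a comment that context strings are short would make the assumption explicit. Whether security_sid_to_context() leaves `*value` untouched when it fails cannot be seen from here. The caller in the proc hunk passes that pointer to kfree() unconditionally, so this should be confirmed, or documented above the call with `/* on success *value is the allocated context string, freed by the caller */`. The function is split across two hunks and its middle is not shown.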
......