leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f495ab869a
linux/security
History
Paul Moore 023f108dcc selinux: fix double free in selinux_parse_opts_str() 
This patch is based on a discussion generated by an earlier patch
from Tetsuo Handa:

* https://marc.info/?t=149035659300001&r=1&w=2

The double free problem involves the mnt_opts field of the
security_mnt_opts struct, selinux_parse_opts_str() frees the memory
on error, but doesn't set the field to NULL so if the caller later
attempts to call security_free_mnt_opts() we trigger the problem.

In order to play it safe we change selinux_parse_opts_str() to call
security_free_mnt_opts() on error instead of free'ing the memory
directly.  This should ensure that everything is handled correctly,
regardless of what the caller may do.

Fixes: e000752989 ("LSM/SELinux: Interfaces to allow FS to control mount options")
Cc: stable@vger.kernel.org
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-06-13 17:34:22 +10:00
..
apparmor apparmorfs: replace CURRENT_TIME with current_time() 2017-05-08 17:15:15 -07:00
integrity Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into next 2017-04-19 22:00:15 +10:00
keys KEYS: fix refcount_inc() on zero 2017-06-09 13:29:50 +10:00
loadpin security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
selinux selinux: fix double free in selinux_parse_opts_str() 2017-06-13 17:34:22 +10:00
smack Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-05-09 09:12:53 -07:00
tomoyo Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-05-03 08:50:52 -07:00
yama security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
commoncap.c security: mark LSM hooks as __ro_after_init 2017-03-06 11:00:15 +11:00
device_cgroup.c security/device_cgroup: Fix RCU_LOCKDEP_WARN() condition 2015-09-03 18:13:10 -07:00
inode.c fs: constify tree_descr arrays passed to simple_fill_super() 2017-04-26 23:54:06 -04:00
Kconfig Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-05-03 08:50:52 -07:00
lsm_audit.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2016-10-04 14:48:27 -07:00
Makefile LSM: LoadPin for kernel file loading restrictions 2016-04-21 10:47:27 +10:00
min_addr.c mmap_min_addr check CAP_SYS_RAWIO only for write 2010-04-23 08:56:31 +10:00
security.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-05-03 08:50:52 -07:00