From patchwork Fri Feb 23 19:05:46 2024
X-Patchwork-Submitter: Mickaël Salaün
X-Patchwork-Id: 205619
From: Mickaël Salaün
To: Casey Schaufler, John Johansen, Paul Moore
Cc: Mickaël Salaün, James Morris, "Serge E . Hallyn", linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, stable@vger.kernel.org
Subject: [PATCH 2/2] AppArmor: Fix lsm_get_self_attr()
Date: Fri, 23 Feb 2024 20:05:46 +0100
Message-ID: <20240223190546.3329966-2-mic@digikod.net>
In-Reply-To: <20240223190546.3329966-1-mic@digikod.net>
References: <20240223190546.3329966-1-mic@digikod.net>

aa_getprocattr() may not initialize the value's pointer in some cases. As for proc_pid_attr_read(), initialize this pointer to NULL in apparmor_getselfattr() to avoid a UAF in the kfree() call.

Cc: Casey Schaufler
Cc: John Johansen
Cc: Paul Moore
Cc: stable@vger.kernel.org
Fixes: 223981db9baf ("AppArmor: Add selfattr hooks")
Signed-off-by: Mickaël Salaün
Reviewed-by: Paul Moore
--- security/apparmor/lsm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 98e1150bee9d..9a3dcaafb5b1 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -784,7 +784,7 @@ static int apparmor_getselfattr(unsigned int attr, struct lsm_ctx __user *lx, int error = -ENOENT; struct aa_task_ctx *ctx = task_ctx(current); struct aa_label *label = NULL; - char *value; + char *value = NULL; switch (attr) { case LSM_ATTR_CURRENT:
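
Review bot: at the `char *value = NULL;` declaration in apparmor_getselfattr(), the commit message calls the defect a UAF, but what it describes is kfree() being handed a stack pointer that aa_getprocattr() never assigned, which is a free of an uninitialized pointer rather than a use after free; wording it that way would help anyone triaging the stable backport. The initialization is sufficient for this caller because kfree(NULL) is a no-op. Since the message notes that proc_pid_attr_read() already needs the same initialization, consider also having aa_getprocattr() set its output pointer to NULL before any early return, so that the guarantee lives in one place instead of in every caller.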