forked from Minki/linux
Limit recursion depth, fix clang warning, fix comment typo, and
silence memory allocation failure warning. tomoyo: fix clang pointer arithmetic warning tomoyo: Limit wildcard recursion depth. tomoyo: Fix null pointer check tomoyo: Fix typo in comments. security/tomoyo/audit.c | 2 - security/tomoyo/common.c | 8 ++--- security/tomoyo/condition.c | 2 - security/tomoyo/domain.c | 6 +--- security/tomoyo/gc.c | 2 - security/tomoyo/memory.c | 4 +- security/tomoyo/securityfs_if.c | 6 ++-- security/tomoyo/util.c | 55 +++++++++++++++++++++------------------- 8 files changed, 44 insertions(+), 41 deletions(-) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAABAgAGBQJf1uc6AAoJEEJfEo0MZPUqRL8P/0a6n5oi4Ka2pmfh9u4AnuKo LY+LRxOv4g0oCMF/teVdeWNgM2B8sKE3F3sLlkLfcUu313mcsc1spg9LiZ87izkO OiCzFRI6Psn+o86s2mPcRExFDgg4DKdi91e3NlQQNDGkoHRoaPMr/viajzVCcKx1 toNtxEFczLYlATslRDK7CeXKhzOGvWM3HyuujI/nSPMdJIk0pY9UIS57NCtwUH2v HAWBgl6hU1Txa9rcl2F3jjDYE/v4JjOiZS+1IPm2nAYSAC8dMmmXthEZttlRIdqr 4zkoF+YzqPTnvjZvi5Owz8AmhmlW0FPtxAmack++yFaNXP3b1tCUrlFS6U5GPetE 5ZT0dwHJE9NGX07pVmNYb+APf0VLcNUdHtp+ja7QeyfmRdU8mV4RepTC7vdojcxS RgLz3aIhJL3EudxkHAes/Oc/rpdmJazSrhkzeIIShX1FC/iR6qTbU2tXMcBvwz8e hz5Jltr5RAgT3vrdApcvC/e/X9lZ8g+qdwgCYb2Wy/paRejjfxlGvYtB3ihVsDyl pPeIJTkQoMp4YycPYaQ1IwAEHCke6rKzbtxfOFR3otNRP0wHNn7H0bvzyAvv+ymB OTy/62p+DYpE9xDnKagjJGRsMp0zNum5UsMkg3fYixdK7PnQ/yNVcd7y12VldKhI mfkNbIsmFrrWsBJRJZNX =xb99 -----END PGP SIGNATURE----- Merge tag 'tomoyo-pr-20201214' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1 Pull tomoyo updates from Tetsuo Handa: "Limit recursion depth, fix clang warning, fix comment typo, and silence memory allocation failure warning" * tag 'tomoyo-pr-20201214' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1: tomoyo: Fix typo in comments. tomoyo: Fix null pointer check tomoyo: Limit wildcard recursion depth. tomoyo: fix clang pointer arithmetic warning tomoyo: Loosen pathname/domainname validation.
This commit is contained in:
commit
da06285598
@ -311,7 +311,7 @@ static LIST_HEAD(tomoyo_log);
|
||||
/* Lock for "struct list_head tomoyo_log". */
|
||||
static DEFINE_SPINLOCK(tomoyo_log_lock);
|
||||
|
||||
/* Length of "stuct list_head tomoyo_log". */
|
||||
/* Length of "struct list_head tomoyo_log". */
|
||||
static unsigned int tomoyo_log_count;
|
||||
|
||||
/**
|
||||
|
@ -498,7 +498,7 @@ static struct tomoyo_profile *tomoyo_assign_profile
|
||||
ptr = ns->profile_ptr[profile];
|
||||
if (ptr)
|
||||
return ptr;
|
||||
entry = kzalloc(sizeof(*entry), GFP_NOFS);
|
||||
entry = kzalloc(sizeof(*entry), GFP_NOFS | __GFP_NOWARN);
|
||||
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||
goto out;
|
||||
ptr = ns->profile_ptr[profile];
|
||||
@ -635,7 +635,7 @@ static int tomoyo_set_mode(char *name, const char *value,
|
||||
if (strstr(value, tomoyo_mode[mode]))
|
||||
/*
|
||||
* Update lower 3 bits in order to distinguish
|
||||
* 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'.
|
||||
* 'config' from 'TOMOYO_CONFIG_USE_DEFAULT'.
|
||||
*/
|
||||
config = (config & ~7) | mode;
|
||||
if (config != TOMOYO_CONFIG_USE_DEFAULT) {
|
||||
@ -2574,7 +2574,7 @@ static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer *head)
|
||||
* tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
|
||||
*
|
||||
* @head: Pointer to "struct tomoyo_io_buffer".
|
||||
* @buffer: Poiner to buffer to write to.
|
||||
* @buffer: Pointer to buffer to write to.
|
||||
* @buffer_len: Size of @buffer.
|
||||
*
|
||||
* Returns bytes read on success, negative value otherwise.
|
||||
@ -2608,7 +2608,7 @@ ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer,
|
||||
/**
|
||||
* tomoyo_parse_policy - Parse a policy line.
|
||||
*
|
||||
* @head: Poiter to "struct tomoyo_io_buffer".
|
||||
* @head: Pointer to "struct tomoyo_io_buffer".
|
||||
* @line: Line to parse.
|
||||
*
|
||||
* Returns 0 on success, negative value otherwise.
|
||||
|
@ -98,7 +98,7 @@ static bool tomoyo_envp(const char *env_name, const char *env_value,
|
||||
* @argc: Length of @argc.
|
||||
* @argv: Pointer to "struct tomoyo_argv".
|
||||
* @envc: Length of @envp.
|
||||
* @envp: Poiner to "struct tomoyo_envp".
|
||||
* @envp: Pointer to "struct tomoyo_envp".
|
||||
*
|
||||
* Returns true on success, false otherwise.
|
||||
*/
|
||||
|
@ -473,9 +473,7 @@ struct tomoyo_policy_namespace *tomoyo_assign_namespace(const char *domainname)
|
||||
return ptr;
|
||||
if (len >= TOMOYO_EXEC_TMPSIZE - 10 || !tomoyo_domain_def(domainname))
|
||||
return NULL;
|
||||
entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS);
|
||||
if (!entry)
|
||||
return NULL;
|
||||
entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS | __GFP_NOWARN);
|
||||
if (mutex_lock_interruptible(&tomoyo_policy_lock))
|
||||
goto out;
|
||||
ptr = tomoyo_find_namespace(domainname, len);
|
||||
@ -891,7 +889,7 @@ force_jump_domain:
|
||||
*
|
||||
* @bprm: Pointer to "struct linux_binprm".
|
||||
* @pos: Location to dump.
|
||||
* @dump: Poiner to "struct tomoyo_page_dump".
|
||||
* @dump: Pointer to "struct tomoyo_page_dump".
|
||||
*
|
||||
* Returns true on success, false otherwise.
|
||||
*/
|
||||
|
@ -463,7 +463,7 @@ static void tomoyo_try_to_gc(const enum tomoyo_policy_id type,
|
||||
return;
|
||||
reinject:
|
||||
/*
|
||||
* We can safely reinject this element here bacause
|
||||
* We can safely reinject this element here because
|
||||
* (1) Appending list elements and removing list elements are protected
|
||||
* by tomoyo_policy_lock mutex.
|
||||
* (2) Only this function removes list elements and this function is
|
||||
|
@ -73,7 +73,7 @@ bool tomoyo_memory_ok(void *ptr)
|
||||
*/
|
||||
void *tomoyo_commit_ok(void *data, const unsigned int size)
|
||||
{
|
||||
void *ptr = kzalloc(size, GFP_NOFS);
|
||||
void *ptr = kzalloc(size, GFP_NOFS | __GFP_NOWARN);
|
||||
|
||||
if (tomoyo_memory_ok(ptr)) {
|
||||
memmove(ptr, data, size);
|
||||
@ -170,7 +170,7 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name)
|
||||
atomic_inc(&ptr->head.users);
|
||||
goto out;
|
||||
}
|
||||
ptr = kzalloc(sizeof(*ptr) + len, GFP_NOFS);
|
||||
ptr = kzalloc(sizeof(*ptr) + len, GFP_NOFS | __GFP_NOWARN);
|
||||
if (tomoyo_memory_ok(ptr)) {
|
||||
ptr->entry.name = ((char *) ptr) + sizeof(*ptr);
|
||||
memmove((char *) ptr->entry.name, name, len);
|
||||
|
@ -131,8 +131,8 @@ static const struct file_operations tomoyo_self_operations = {
|
||||
*/
|
||||
static int tomoyo_open(struct inode *inode, struct file *file)
|
||||
{
|
||||
const int key = ((u8 *) file_inode(file)->i_private)
|
||||
- ((u8 *) NULL);
|
||||
const u8 key = (uintptr_t) file_inode(file)->i_private;
|
||||
|
||||
return tomoyo_open_control(key, file);
|
||||
}
|
||||
|
||||
@ -223,7 +223,7 @@ static const struct file_operations tomoyo_operations = {
|
||||
static void __init tomoyo_create_entry(const char *name, const umode_t mode,
|
||||
struct dentry *parent, const u8 key)
|
||||
{
|
||||
securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
|
||||
securityfs_create_file(name, mode, parent, (void *) (uintptr_t) key,
|
||||
&tomoyo_operations);
|
||||
}
|
||||
|
||||
|
@ -434,59 +434,64 @@ void tomoyo_normalize_line(unsigned char *buffer)
|
||||
*/
|
||||
static bool tomoyo_correct_word2(const char *string, size_t len)
|
||||
{
|
||||
u8 recursion = 20;
|
||||
const char *const start = string;
|
||||
bool in_repetition = false;
|
||||
unsigned char c;
|
||||
unsigned char d;
|
||||
unsigned char e;
|
||||
|
||||
if (!len)
|
||||
goto out;
|
||||
while (len--) {
|
||||
c = *string++;
|
||||
unsigned char c = *string++;
|
||||
|
||||
if (c == '\\') {
|
||||
if (!len--)
|
||||
goto out;
|
||||
c = *string++;
|
||||
if (c >= '0' && c <= '3') {
|
||||
unsigned char d;
|
||||
unsigned char e;
|
||||
|
||||
if (!len-- || !len--)
|
||||
goto out;
|
||||
d = *string++;
|
||||
e = *string++;
|
||||
if (d < '0' || d > '7' || e < '0' || e > '7')
|
||||
goto out;
|
||||
c = tomoyo_make_byte(c, d, e);
|
||||
if (c <= ' ' || c >= 127)
|
||||
continue;
|
||||
goto out;
|
||||
}
|
||||
switch (c) {
|
||||
case '\\': /* "\\" */
|
||||
continue;
|
||||
case '$': /* "\$" */
|
||||
case '+': /* "\+" */
|
||||
case '?': /* "\?" */
|
||||
case 'x': /* "\x" */
|
||||
case 'a': /* "\a" */
|
||||
case '-': /* "\-" */
|
||||
continue;
|
||||
}
|
||||
if (!recursion--)
|
||||
goto out;
|
||||
switch (c) {
|
||||
case '*': /* "\*" */
|
||||
case '@': /* "\@" */
|
||||
case 'x': /* "\x" */
|
||||
case '$': /* "\$" */
|
||||
case 'X': /* "\X" */
|
||||
case 'a': /* "\a" */
|
||||
case 'A': /* "\A" */
|
||||
case '-': /* "\-" */
|
||||
continue;
|
||||
case '{': /* "/\{" */
|
||||
if (string - 3 < start || *(string - 3) != '/')
|
||||
break;
|
||||
goto out;
|
||||
in_repetition = true;
|
||||
continue;
|
||||
case '}': /* "\}/" */
|
||||
if (*string != '/')
|
||||
break;
|
||||
goto out;
|
||||
if (!in_repetition)
|
||||
break;
|
||||
goto out;
|
||||
in_repetition = false;
|
||||
continue;
|
||||
case '0': /* "\ooo" */
|
||||
case '1':
|
||||
case '2':
|
||||
case '3':
|
||||
if (!len-- || !len--)
|
||||
break;
|
||||
d = *string++;
|
||||
e = *string++;
|
||||
if (d < '0' || d > '7' || e < '0' || e > '7')
|
||||
break;
|
||||
c = tomoyo_make_byte(c, d, e);
|
||||
if (c <= ' ' || c >= 127)
|
||||
continue;
|
||||
}
|
||||
goto out;
|
||||
} else if (in_repetition && c == '/') {
|
||||
|
Loading…
Reference in New Issue
Block a user