| From foo@baz Sat 16 May 2020 02:04:40 PM CEST |
| From: Paolo Abeni <pabeni@redhat.com> |
| Date: Tue, 12 May 2020 14:43:14 +0200 |
| Subject: netlabel: cope with NULL catmap |
| |
| From: Paolo Abeni <pabeni@redhat.com> |
| |
| [ Upstream commit eead1c2ea2509fd754c6da893a94f0e69e83ebe4 ] |
| |
| The cipso and calipso code can set the MLS_CAT attribute on |
| successful parsing, even if the corresponding catmap has |
| not been allocated, as per current configuration and external |
| input. |
| |
| Later, selinux code tries to access the catmap if the MLS_CAT flag |
| is present via netlbl_catmap_getlong(). That may cause null ptr |
| dereference while processing incoming network traffic. |
| |
| Address the issue by setting the MLS_CAT flag only if the catmap is |
| really allocated. Additionally let netlbl_catmap_getlong() cope |
| with NULL catmap. |
| |
| Reported-by: Matthew Sheets <matthew.sheets@gd-ms.com> |
| Fixes: 4b8feff251da ("netlabel: fix the horribly broken catmap functions") |
| Fixes: ceba1832b1b2 ("calipso: Set the calipso socket label to match the secattr.") |
| Signed-off-by: Paolo Abeni <pabeni@redhat.com> |
| Acked-by: Paul Moore <paul@paul-moore.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/ipv4/cipso_ipv4.c | 6 ++++-- |
| net/ipv6/calipso.c | 3 ++- |
| net/netlabel/netlabel_kapi.c | 6 ++++++ |
| 3 files changed, 12 insertions(+), 3 deletions(-) |
| |
| --- a/net/ipv4/cipso_ipv4.c |
| +++ b/net/ipv4/cipso_ipv4.c |
| @@ -1258,7 +1258,8 @@ static int cipso_v4_parsetag_rbm(const s |
| return ret_val; |
| } |
| |
| - secattr->flags |= NETLBL_SECATTR_MLS_CAT; |
| + if (secattr->attr.mls.cat) |
| + secattr->flags |= NETLBL_SECATTR_MLS_CAT; |
| } |
| |
| return 0; |
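Review bot: The new `if (secattr->attr.mls.cat)` guard in cipso_v4_parsetag_rbm has no comment, and because it sits right after the mapping call has succeeded it reads like a redundant check that a later cleanup could remove. Per the commit description, the catmap can stay unallocated after a successful parse, depending on configuration and on what the received packet carries. A one-line comment such as `/* catmap may still be NULL after a successful parse; only set MLS_CAT when it exists */` would record that the flag is meant to imply a non-NULL map. The same comment applies to the identical guards in cipso_v4_parsetag_rng and calipso_opt_getattr. The enclosing function bodies start outside the hunks, so the allocation path itself is not visible here.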
| @@ -1439,7 +1440,8 @@ static int cipso_v4_parsetag_rng(const s |
| return ret_val; |
| } |
| |
| - secattr->flags |= NETLBL_SECATTR_MLS_CAT; |
| + if (secattr->attr.mls.cat) |
| + secattr->flags |= NETLBL_SECATTR_MLS_CAT; |
| } |
| |
| return 0; |
| --- a/net/ipv6/calipso.c |
| +++ b/net/ipv6/calipso.c |
| @@ -1047,7 +1047,8 @@ static int calipso_opt_getattr(const uns |
| goto getattr_return; |
| } |
| |
| - secattr->flags |= NETLBL_SECATTR_MLS_CAT; |
| + if (secattr->attr.mls.cat) |
| + secattr->flags |= NETLBL_SECATTR_MLS_CAT; |
| } |
| |
| secattr->type = NETLBL_NLTYPE_CALIPSO; |
| --- a/net/netlabel/netlabel_kapi.c |
| +++ b/net/netlabel/netlabel_kapi.c |
| @@ -734,6 +734,12 @@ int netlbl_catmap_getlong(struct netlbl_ |
| if ((off & (BITS_PER_LONG - 1)) != 0) |
| return -EINVAL; |
| |
| + /* a null catmap is equivalent to an empty one */ |
| + if (!catmap) { |
| + *offset = (u32)-1; |
| + return 0; |
| + } |
| + |
| if (off < catmap->startbit) { |
| off = catmap->startbit; |
| *offset = off; |
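Review bot: The NULL branch in netlbl_catmap_getlong returns 0 after writing only `*offset = (u32)-1`, and the comment does not say that callers must test this value before trusting any other output. Assuming the function also fills a caller-supplied bitmap word further down (the full signature and the rest of the body are outside the hunk), that word is left unwritten on this path, so a caller that skips the offset check would read a stale or uninitialised value. I would extend the comment to `/* a NULL catmap is equivalent to an empty one: report end-of-map via *offset and leave the other outputs untouched */`. It is also worth confirming that the other catmap accessors reachable when MLS_CAT is set tolerate a NULL map, since this is the only one hardened in the visible hunks.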