summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2020-12-14 23:05:10 +0300
committerLinus Torvalds <torvalds@linux-foundation.org>2020-12-14 23:05:10 +0300
commitda0628559871475b482f015dc24c9bef372936e4 (patch)
tree321af8748bb3de173183d3d86816a7f46254dd9b /security
parentfab0fca1da5cdc48be051715cd9787df04fdce3a (diff)
parent15269fb193108ba8a3774507d0bbd70949ab610d (diff)
downloadlinux-da0628559871475b482f015dc24c9bef372936e4.tar.xz
Merge tag 'tomoyo-pr-20201214' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1
Pull tomoyo updates from Tetsuo Handa: "Limit recursion depth, fix clang warning, fix comment typo, and silence memory allocation failure warning" * tag 'tomoyo-pr-20201214' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1: tomoyo: Fix typo in comments. tomoyo: Fix null pointer check tomoyo: Limit wildcard recursion depth. tomoyo: fix clang pointer arithmetic warning tomoyo: Loosen pathname/domainname validation.
Diffstat (limited to 'security')
-rw-r--r--security/tomoyo/audit.c2
-rw-r--r--security/tomoyo/common.c8
-rw-r--r--security/tomoyo/condition.c2
-rw-r--r--security/tomoyo/domain.c6
-rw-r--r--security/tomoyo/gc.c2
-rw-r--r--security/tomoyo/memory.c4
-rw-r--r--security/tomoyo/securityfs_if.c6
-rw-r--r--security/tomoyo/util.c55
8 files changed, 44 insertions, 41 deletions
diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c
index 3c96e8402e94..b51bad121c11 100644
--- a/security/tomoyo/audit.c
+++ b/security/tomoyo/audit.c
@@ -311,7 +311,7 @@ static LIST_HEAD(tomoyo_log);
/* Lock for "struct list_head tomoyo_log". */
static DEFINE_SPINLOCK(tomoyo_log_lock);
-/* Length of "stuct list_head tomoyo_log". */
+/* Length of "struct list_head tomoyo_log". */
static unsigned int tomoyo_log_count;
/**
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 4bee32bfe16d..5c64927bf2b3 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -498,7 +498,7 @@ static struct tomoyo_profile *tomoyo_assign_profile
ptr = ns->profile_ptr[profile];
if (ptr)
return ptr;
- entry = kzalloc(sizeof(*entry), GFP_NOFS);
+ entry = kzalloc(sizeof(*entry), GFP_NOFS | __GFP_NOWARN);
if (mutex_lock_interruptible(&tomoyo_policy_lock))
goto out;
ptr = ns->profile_ptr[profile];
@@ -635,7 +635,7 @@ static int tomoyo_set_mode(char *name, const char *value,
if (strstr(value, tomoyo_mode[mode]))
/*
* Update lower 3 bits in order to distinguish
- * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'.
+ * 'config' from 'TOMOYO_CONFIG_USE_DEFAULT'.
*/
config = (config & ~7) | mode;
if (config != TOMOYO_CONFIG_USE_DEFAULT) {
@@ -2574,7 +2574,7 @@ static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer *head)
* tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
*
* @head: Pointer to "struct tomoyo_io_buffer".
- * @buffer: Poiner to buffer to write to.
+ * @buffer: Pointer to buffer to write to.
* @buffer_len: Size of @buffer.
*
* Returns bytes read on success, negative value otherwise.
@@ -2608,7 +2608,7 @@ ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer,
/**
* tomoyo_parse_policy - Parse a policy line.
*
- * @head: Poiter to "struct tomoyo_io_buffer".
+ * @head: Pointer to "struct tomoyo_io_buffer".
* @line: Line to parse.
*
* Returns 0 on success, negative value otherwise.
diff --git a/security/tomoyo/condition.c b/security/tomoyo/condition.c
index 8f6d57c15df6..f8bcc083bb0d 100644
--- a/security/tomoyo/condition.c
+++ b/security/tomoyo/condition.c
@@ -98,7 +98,7 @@ static bool tomoyo_envp(const char *env_name, const char *env_value,
* @argc: Length of @argc.
* @argv: Pointer to "struct tomoyo_argv".
* @envc: Length of @envp.
- * @envp: Poiner to "struct tomoyo_envp".
+ * @envp: Pointer to "struct tomoyo_envp".
*
* Returns true on success, false otherwise.
*/
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index dc4ecc0b2038..98d985895ec8 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -473,9 +473,7 @@ struct tomoyo_policy_namespace *tomoyo_assign_namespace(const char *domainname)
return ptr;
if (len >= TOMOYO_EXEC_TMPSIZE - 10 || !tomoyo_domain_def(domainname))
return NULL;
- entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS);
- if (!entry)
- return NULL;
+ entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS | __GFP_NOWARN);
if (mutex_lock_interruptible(&tomoyo_policy_lock))
goto out;
ptr = tomoyo_find_namespace(domainname, len);
@@ -891,7 +889,7 @@ force_jump_domain:
*
* @bprm: Pointer to "struct linux_binprm".
* @pos: Location to dump.
- * @dump: Poiner to "struct tomoyo_page_dump".
+ * @dump: Pointer to "struct tomoyo_page_dump".
*
* Returns true on success, false otherwise.
*/
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index 9537832fca18..026e29ea3796 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -463,7 +463,7 @@ static void tomoyo_try_to_gc(const enum tomoyo_policy_id type,
return;
reinject:
/*
- * We can safely reinject this element here bacause
+ * We can safely reinject this element here because
* (1) Appending list elements and removing list elements are protected
* by tomoyo_policy_lock mutex.
* (2) Only this function removes list elements and this function is
diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c
index 2e7fcfa923c9..1b570bde7a3b 100644
--- a/security/tomoyo/memory.c
+++ b/security/tomoyo/memory.c
@@ -73,7 +73,7 @@ bool tomoyo_memory_ok(void *ptr)
*/
void *tomoyo_commit_ok(void *data, const unsigned int size)
{
- void *ptr = kzalloc(size, GFP_NOFS);
+ void *ptr = kzalloc(size, GFP_NOFS | __GFP_NOWARN);
if (tomoyo_memory_ok(ptr)) {
memmove(ptr, data, size);
@@ -170,7 +170,7 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name)
atomic_inc(&ptr->head.users);
goto out;
}
- ptr = kzalloc(sizeof(*ptr) + len, GFP_NOFS);
+ ptr = kzalloc(sizeof(*ptr) + len, GFP_NOFS | __GFP_NOWARN);
if (tomoyo_memory_ok(ptr)) {
ptr->entry.name = ((char *) ptr) + sizeof(*ptr);
memmove((char *) ptr->entry.name, name, len);
diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c
index 546281c5b233..065f4941c4d8 100644
--- a/security/tomoyo/securityfs_if.c
+++ b/security/tomoyo/securityfs_if.c
@@ -131,8 +131,8 @@ static const struct file_operations tomoyo_self_operations = {
*/
static int tomoyo_open(struct inode *inode, struct file *file)
{
- const int key = ((u8 *) file_inode(file)->i_private)
- - ((u8 *) NULL);
+ const u8 key = (uintptr_t) file_inode(file)->i_private;
+
return tomoyo_open_control(key, file);
}
@@ -223,7 +223,7 @@ static const struct file_operations tomoyo_operations = {
static void __init tomoyo_create_entry(const char *name, const umode_t mode,
struct dentry *parent, const u8 key)
{
- securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
+ securityfs_create_file(name, mode, parent, (void *) (uintptr_t) key,
&tomoyo_operations);
}
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index a40abb0b91ee..176b803ebcfc 100644
--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -434,59 +434,64 @@ void tomoyo_normalize_line(unsigned char *buffer)
*/
static bool tomoyo_correct_word2(const char *string, size_t len)
{
+ u8 recursion = 20;
const char *const start = string;
bool in_repetition = false;
- unsigned char c;
- unsigned char d;
- unsigned char e;
if (!len)
goto out;
while (len--) {
- c = *string++;
+ unsigned char c = *string++;
+
if (c == '\\') {
if (!len--)
goto out;
c = *string++;
+ if (c >= '0' && c <= '3') {
+ unsigned char d;
+ unsigned char e;
+
+ if (!len-- || !len--)
+ goto out;
+ d = *string++;
+ e = *string++;
+ if (d < '0' || d > '7' || e < '0' || e > '7')
+ goto out;
+ c = tomoyo_make_byte(c, d, e);
+ if (c <= ' ' || c >= 127)
+ continue;
+ goto out;
+ }
switch (c) {
case '\\': /* "\\" */
- continue;
- case '$': /* "\$" */
case '+': /* "\+" */
case '?': /* "\?" */
+ case 'x': /* "\x" */
+ case 'a': /* "\a" */
+ case '-': /* "\-" */
+ continue;
+ }
+ if (!recursion--)
+ goto out;
+ switch (c) {
case '*': /* "\*" */
case '@': /* "\@" */
- case 'x': /* "\x" */
+ case '$': /* "\$" */
case 'X': /* "\X" */
- case 'a': /* "\a" */
case 'A': /* "\A" */
- case '-': /* "\-" */
continue;
case '{': /* "/\{" */
if (string - 3 < start || *(string - 3) != '/')
- break;
+ goto out;
in_repetition = true;
continue;
case '}': /* "\}/" */
if (*string != '/')
- break;
+ goto out;
if (!in_repetition)
- break;
+ goto out;
in_repetition = false;
continue;
- case '0': /* "\ooo" */
- case '1':
- case '2':
- case '3':
- if (!len-- || !len--)
- break;
- d = *string++;
- e = *string++;
- if (d < '0' || d > '7' || e < '0' || e > '7')
- break;
- c = tomoyo_make_byte(c, d, e);
- if (c <= ' ' || c >= 127)
- continue;
}
goto out;
} else if (in_repetition && c == '/') {