author | Al Viro <viro@zeniv.linux.org.uk> | 2008-12-10 07:16:12 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-01-04 15:14:40 -0500 |
commit | 20114f71b27cafeb7c7e41d2b0f0b68c3fbb022b (patch) | |
tree | fcbb481cfec8c11f103ba07dbb08819de3822d80 | |
parent | 7392906ea915b9a2c14dea32b3604b4e178f82f7 (diff) |
sanitize audit_mq_notify()
* don't copy_from_user() twice
* don't bother with allocations
* don't duplicate parts of audit_dummy_context()
* make it return void
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | include/linux/audit.h | 9 | ||||
-rw-r--r-- | ipc/mqueue.c | 14 | ||||
-rw-r--r-- | kernel/auditsc.c | 56 |
3 files changed, 27 insertions, 52 deletions
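--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -453,7 +453,7 @@ extern int audit_set_macxattr(const char *name);
 extern int __audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr);
 extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout);
 extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout);
-extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification);
+extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification);
 extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
 extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
 const struct cred *new,
@@ -494,11 +494,10 @@ static inline int audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned in
 return __audit_mq_timedreceive(mqdes, msg_len, u_msg_prio, u_abs_timeout);
 return 0;
 }
-static inline int audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification)
+static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification)
 {
 if (unlikely(!audit_dummy_context()))
-return __audit_mq_notify(mqdes, u_notification);
-return 0;
+__audit_mq_notify(mqdes, notification);
 }
 static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
 {
@@ -553,7 +552,7 @@ extern int audit_signals;
 #define audit_mq_open(o,m,a) ({ 0; })
 #define audit_mq_timedsend(d,l,p,t) ({ 0; })
 #define audit_mq_timedreceive(d,l,p,t) ({ 0; })
-#define audit_mq_notify(d,n) ({ 0; })
+#define audit_mq_notify(d,n) ((void)0)
 #define audit_mq_getsetattr(d,s) ((void)0)
 #define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; })
 #define audit_log_capset(pid, ncr, ocr) ({ 0; })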
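--- a/ipc/mqueue.c
+++ b/ipc/mqueue.c
@@ -1003,17 +1003,17 @@ asmlinkage long sys_mq_notify(mqd_t mqdes,
 struct mqueue_inode_info *info;
 struct sk_buff *nc;
 
-ret = audit_mq_notify(mqdes, u_notification);
-if (ret != 0)
-return ret;
-
-nc = NULL;
-sock = NULL;
-if (u_notification != NULL) {
+if (u_notification) {
 if (copy_from_user(¬ification, u_notification,
 sizeof(struct sigevent)))
 return -EFAULT;
+}
+
+audit_mq_notify(mqdes, u_notification ? ¬ification : NULL);
 
+nc = NULL;
+sock = NULL;
+if (u_notification != NULL) {
 if (unlikely(notification.sigev_notify != SIGEV_NONE &&
 notification.sigev_notify != SIGEV_SIGNAL &&
 notification.sigev_notify != SIGEV_THREAD))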
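Review bot: The ternary in the new `audit_mq_notify(mqdes, u_notification ? &notification : NULL)` call carries a safety property that nothing on the new side explains. `notification` is only filled by the copy_from_user() above when `u_notification` is non-NULL, so passing NULL is what keeps a presumably uninitialised kernel buffer out of the audit record. A comment such as `/* audit the kernel copy we act on; NULL when no sigevent was supplied */` would protect this against a later cleanup. The early `return -EFAULT` also leaves before the audit call, so a faulting pointer produces no MQ_NOTIFY record, which looks intended but is worth stating in the same comment. sys_mq_notify() starts and ends outside this hunk, so the declaration of `notification` is not visible here.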
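--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -139,12 +139,6 @@ struct audit_aux_data_mq_sendrecv {
 struct timespec abs_timeout;
 };
 
-struct audit_aux_data_mq_notify {
-struct audit_aux_data d;
-mqd_t mqdes;
-struct sigevent notification;
-};
-
 struct audit_aux_data_execve {
 struct audit_aux_data d;
 int argc;
@@ -246,6 +240,10 @@ struct audit_context {
 mqd_t mqdes;
 struct mq_attr mqstat;
 } mq_getsetattr;
+struct {
+mqd_t mqdes;
+int sigev_signo;
+} mq_notify;
 };
 
 #if AUDIT_DEBUG
@@ -1267,6 +1265,11 @@ static void show_special(struct audit_context *context, int *call_panic)
 return;
 }
 break; }
+case AUDIT_MQ_NOTIFY: {
+audit_log_format(ab, "mqdes=%d sigev_signo=%d",
+context->mq_notify.mqdes,
+context->mq_notify.sigev_signo);
+break; }
 case AUDIT_MQ_GETSETATTR: {
 struct mq_attr *attr = &context->mq_getsetattr.mqstat;
 audit_log_format(ab,
@@ -1376,14 +1379,6 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 axi->abs_timeout.tv_sec, axi->abs_timeout.tv_nsec);
 break; }
 
-case AUDIT_MQ_NOTIFY: {
-struct audit_aux_data_mq_notify *axi = (void *)aux;
-audit_log_format(ab,
-"mqdes=%d sigev_signo=%d",
-axi->mqdes,
-axi->notification.sigev_signo);
-break; }
-
 case AUDIT_EXECVE: {
 struct audit_aux_data_execve *axi = (void *)aux;
 audit_log_execve_info(context, &ab, axi);
@@ -2274,38 +2269,19 @@ int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len,
 * @mqdes: MQ descriptor
 * @u_notification: Notification event
 *
-* Returns 0 for success or NULL context or < 0 on error.
 */
 
-int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification)
+void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification)
 {
-struct audit_aux_data_mq_notify *ax;
 struct audit_context *context = current->audit_context;
 
-if (!audit_enabled)
-return 0;
-
-if (likely(!context))
-return 0;
-
-ax = kmalloc(sizeof(*ax), GFP_ATOMIC);
-if (!ax)
-return -ENOMEM;
-
-if (u_notification != NULL) {
-if (copy_from_user(&ax->notification, u_notification, sizeof(ax->notification))) {
-kfree(ax);
-return -EFAULT;
-}
-} else
-memset(&ax->notification, 0, sizeof(ax->notification));
-
-ax->mqdes = mqdes;
+if (notification)
+context->mq_notify.sigev_signo = notification->sigev_signo;
+else
+context->mq_notify.sigev_signo = 0;
 
-ax->d.type = AUDIT_MQ_NOTIFY;
-ax->d.next = context->aux;
-context->aux = (void *)ax;
-return 0;
+context->mq_notify.mqdes = mqdes;
+context->type = AUDIT_MQ_NOTIFY;
 }
 
 /**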
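Review bot: The kernel-doc above `__audit_mq_notify()` still documents `@u_notification`, although the parameter is now `notification`, a kernel pointer that may be NULL; it should read `* @notification: Notification event (kernel copy, NULL if none)`. The new body also dereferences `context` with no NULL test, where the removed code returned early on `!context`. It is therefore only safe behind the `audit_dummy_context()` test in the `audit_mq_notify()` wrapper in include/linux/audit.h, assuming that helper covers the NULL-context case, and a line in the same comment saying callers must go through the wrapper would make the precondition explicit. Separately, the record emitted in show_special() carries only `sigev_signo`, which is presumably meaningful only for SIGEV_SIGNAL, so a log reader cannot tell which notify type was requested; this matches the old format and may be deliberate.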