diff options
| author | Ahmed S. Darwish <darwish.07@gmail.com> | 2008-03-19 20:00:51 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-03-19 21:53:36 -0400 |
| commit | 1d252fb870aa9cd227c4beb1a226ecd434f57f28 (patch) | |
| tree | 4a7b956c01487454b139e1df271518f36ca32285 | |
| parent | 4ebf89845bea44a164d1fbb8fa319379ec7132de (diff) | |
smack: do not dereference NULL ipc object
In the SYSV ipc msgctl(),semctl(),shmctl() family, if the user passed *_INFO
as the desired operation, no specific object is meant to be controlled and
only system-wide information is returned. This leads to a NULL IPC object in
the LSM hooks if the _INFO flag is given.
Avoid dereferencing this NULL pointer in Smack ipc *ctl() methods.
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
| -rw-r--r-- | security/smack/smack_lsm.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 0241fd359675..38d707593b31 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
| @@ -1508,7 +1508,7 @@ static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) | |||
| 1508 | */ | 1508 | */ |
| 1509 | static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) | 1509 | static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) |
| 1510 | { | 1510 | { |
| 1511 | char *ssp = smack_of_shm(shp); | 1511 | char *ssp; |
| 1512 | int may; | 1512 | int may; |
| 1513 | 1513 | ||
| 1514 | switch (cmd) { | 1514 | switch (cmd) { |
| @@ -1532,6 +1532,7 @@ static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) | |||
| 1532 | return -EINVAL; | 1532 | return -EINVAL; |
| 1533 | } | 1533 | } |
| 1534 | 1534 | ||
| 1535 | ssp = smack_of_shm(shp); | ||
| 1535 | return smk_curacc(ssp, may); | 1536 | return smk_curacc(ssp, may); |
| 1536 | } | 1537 | } |
| 1537 | 1538 | ||
| @@ -1616,7 +1617,7 @@ static int smack_sem_associate(struct sem_array *sma, int semflg) | |||
| 1616 | */ | 1617 | */ |
| 1617 | static int smack_sem_semctl(struct sem_array *sma, int cmd) | 1618 | static int smack_sem_semctl(struct sem_array *sma, int cmd) |
| 1618 | { | 1619 | { |
| 1619 | char *ssp = smack_of_sem(sma); | 1620 | char *ssp; |
| 1620 | int may; | 1621 | int may; |
| 1621 | 1622 | ||
| 1622 | switch (cmd) { | 1623 | switch (cmd) { |
| @@ -1645,6 +1646,7 @@ static int smack_sem_semctl(struct sem_array *sma, int cmd) | |||
| 1645 | return -EINVAL; | 1646 | return -EINVAL; |
| 1646 | } | 1647 | } |
| 1647 | 1648 | ||
| 1649 | ssp = smack_of_sem(sma); | ||
| 1648 | return smk_curacc(ssp, may); | 1650 | return smk_curacc(ssp, may); |
| 1649 | } | 1651 | } |
| 1650 | 1652 | ||
| @@ -1730,7 +1732,7 @@ static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) | |||
| 1730 | */ | 1732 | */ |
| 1731 | static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) | 1733 | static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) |
| 1732 | { | 1734 | { |
| 1733 | char *msp = smack_of_msq(msq); | 1735 | char *msp; |
| 1734 | int may; | 1736 | int may; |
| 1735 | 1737 | ||
| 1736 | switch (cmd) { | 1738 | switch (cmd) { |
| @@ -1752,6 +1754,7 @@ static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) | |||
| 1752 | return -EINVAL; | 1754 | return -EINVAL; |
| 1753 | } | 1755 | } |
| 1754 | 1756 | ||
| 1757 | msp = smack_of_msq(msq); | ||
| 1755 | return smk_curacc(msp, may); | 1758 | return smk_curacc(msp, may); |
| 1756 | } | 1759 | } |
| 1757 | 1760 | ||