aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorAhmed S. Darwish <darwish.07@gmail.com>2008-03-19 20:00:51 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2008-03-19 21:53:36 -0400
commit1d252fb870aa9cd227c4beb1a226ecd434f57f28 (patch)
tree4a7b956c01487454b139e1df271518f36ca32285 /security
parent4ebf89845bea44a164d1fbb8fa319379ec7132de (diff)
smack: do not dereference NULL ipc object
In the SYSV ipc msgctl(),semctl(),shmctl() family, if the user passed *_INFO as the desired operation, no specific object is meant to be controlled and only system-wide information is returned. This leads to a NULL IPC object in the LSM hooks if the _INFO flag is given. Avoid dereferencing this NULL pointer in Smack ipc *ctl() methods. Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security')
-rw-r--r--security/smack/smack_lsm.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 0241fd359675..38d707593b31 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1508,7 +1508,7 @@ static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
1508 */ 1508 */
1509static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) 1509static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
1510{ 1510{
1511 char *ssp = smack_of_shm(shp); 1511 char *ssp;
1512 int may; 1512 int may;
1513 1513
1514 switch (cmd) { 1514 switch (cmd) {
@@ -1532,6 +1532,7 @@ static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
1532 return -EINVAL; 1532 return -EINVAL;
1533 } 1533 }
1534 1534
1535 ssp = smack_of_shm(shp);
1535 return smk_curacc(ssp, may); 1536 return smk_curacc(ssp, may);
1536} 1537}
1537 1538
@@ -1616,7 +1617,7 @@ static int smack_sem_associate(struct sem_array *sma, int semflg)
1616 */ 1617 */
1617static int smack_sem_semctl(struct sem_array *sma, int cmd) 1618static int smack_sem_semctl(struct sem_array *sma, int cmd)
1618{ 1619{
1619 char *ssp = smack_of_sem(sma); 1620 char *ssp;
1620 int may; 1621 int may;
1621 1622
1622 switch (cmd) { 1623 switch (cmd) {
@@ -1645,6 +1646,7 @@ static int smack_sem_semctl(struct sem_array *sma, int cmd)
1645 return -EINVAL; 1646 return -EINVAL;
1646 } 1647 }
1647 1648
1649 ssp = smack_of_sem(sma);
1648 return smk_curacc(ssp, may); 1650 return smk_curacc(ssp, may);
1649} 1651}
1650 1652
@@ -1730,7 +1732,7 @@ static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
1730 */ 1732 */
1731static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) 1733static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
1732{ 1734{
1733 char *msp = smack_of_msq(msq); 1735 char *msp;
1734 int may; 1736 int may;
1735 1737
1736 switch (cmd) { 1738 switch (cmd) {
@@ -1752,6 +1754,7 @@ static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
1752 return -EINVAL; 1754 return -EINVAL;
1753 } 1755 }
1754 1756
1757 msp = smack_of_msq(msq);
1755 return smk_curacc(msp, may); 1758 return smk_curacc(msp, may);
1756} 1759}
1757 1760