Re: [PATCH] selinux: check for failed kmalloc insecurity_sid_to_context

From: Andrew Morton
Date: Mon May 08 2006 - 13:49:21 EST


James Morris <jmorris@xxxxxxxxx> wrote:
>
> On Wed, 26 Apr 2006, Serge E. Hallyn wrote:
>
> > Check for NULL kmalloc return value before writing to it.
> >
> > Signed-off-by: Serge E. Hallyn <serue@xxxxxxxxxx>
>
> Acked-by: James Morris <jmorris@xxxxxxxxx>
>
>
> > ---
> >
> > security/selinux/ss/services.c | 4 ++++
> > 1 files changed, 4 insertions(+), 0 deletions(-)
> >
> > 3d9cf05c7fa2578f87648dd0862e70cf7959ad7a
> > diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> > index 6149248..20b1065 100644
> > --- a/security/selinux/ss/services.c
> > +++ b/security/selinux/ss/services.c
> > @@ -593,6 +593,10 @@ int security_sid_to_context(u32 sid, cha
> >
> > *scontext_len = strlen(initial_sid_to_string[sid]) + 1;
> > scontextp = kmalloc(*scontext_len,GFP_ATOMIC);
> > + if (!scontextp) {
> > + rc = -ENOMEM;
> > + goto out;
> > + }
> > strcpy(scontextp, initial_sid_to_string[sid]);
> > *scontext = scontextp;
> > goto out;
> >
>

Given that GFP_ATOMIC can fail and it'll cause an oops I'll queue this for
2.6.17 and shall send it in the direction of the -stable guys too, thanks.

What will happen when one of the GFP_ATOMIC allocations in there fails?
Will the computer become insecure?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/