Re: [PATCH] reiserfs: Initialize sec->length in reiserfs_security_init().

Paul Moore <paul@xxxxxxxxxxxxxx> · Sat, 20 May 2023 15:47:03 -0400

On Thu, May 11, 2023 at 10:49 AM Tetsuo Handa
<penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote:
>
> syzbot is reporting that sec->length is not initialized.
>
> Since security_inode_init_security() returns 0 when initxattrs is provided
> but call_int_hook(inode_init_security) returned -EOPNOTSUPP, control will
> reach to "if (sec->length && ...) {" without initializing sec->length.
>
> Reported-by: syzbot <syzbot+00a3779539a23cbee38c@xxxxxxxxxxxxxxxxxxxxxxxxx>
> Closes: https://syzkaller.appspot.com/bug?extid=00a3779539a23cbee38c
> Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
> Fixes: 52ca4b6435a4 ("reiserfs: Switch to security_inode_init_security()")
> ---
>  fs/reiserfs/xattr_security.c | 1 +
>  1 file changed, 1 insertion(+)

Adding the LSM list to the CC line.

> diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c
> index 6e0a099dd788..078dd8cc312f 100644
> --- a/fs/reiserfs/xattr_security.c
> +++ b/fs/reiserfs/xattr_security.c
> @@ -67,6 +67,7 @@ int reiserfs_security_init(struct inode *dir, struct inode *inode,
>
>         sec->name = NULL;
>         sec->value = NULL;
> +       sec->length = 0;
>
>         /* Don't add selinux attributes on xattrs - they'll never get used */
>         if (IS_PRIVATE(dir))
> --
> 2.18.4

-- 
paul-moore.com