Re: [PATCH 25/27] NET: Add SO_PEERCONTEXT for multiple LSMs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 26 Jul 2019 at 16:39:21 -0700, Casey Schaufler wrote:
> A new option SO_PEERCONTEXT is added to report the
> security "context" of multiple modules using a "compound" format
> 
> 	lsm1\0value\0lsm2\0value\0

> +		/*
> +		 * A compound context, in the form lsm='value'[,lsm='value']...
> +		 */

Presumably the commit message (and the implementation) means the comment
is out of date?

> +			/*
> +			 * Don't propogate trailing nul bytes.
> +			 */
> +			clen = strnlen(cp, clen) + 1;
> +			tlen = llen + clen;
...
> +			memcpy(tp + finallen + llen, cp, clen);

This assumes that cp points to a '\0'-terminated string, with the '\0'
either inside the span of memory cp[clen]..cp[clen-1], or at cp[clen]
(which is just outside the range that is obviously safe to access).
Is that assumption robust? If an LSM that worked with length-counted
("Pascal") strings internally would be allowed to fill the buffer with
nonzero bytes and not place a '\0' immediately after it, then it would
be necessary to insert the NUL explicitly:

    clen = strnlen(cp, clen);
    tlen = llen + clen + 1;
    ...
    memcpy(tp + finallen + llen, cp, clen);
    tp[finallen + llen + clen] = '\0';

Thanks,
    smcv



[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux