git: add521c1a5d2 - main - MAC/do: parse_rule_element(): Fix a panic, harden, simplify

From: Olivier Certner <olce_at_FreeBSD.org>
Date: Mon, 16 Dec 2024 14:45:53 UTC
The branch main has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=add521c1a5d21ec84454009d42d1dcd688d77008

commit add521c1a5d21ec84454009d42d1dcd688d77008
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-03 14:13:33 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2024-12-16 14:42:35 +0000

    MAC/do: parse_rule_element(): Fix a panic, harden, simplify
    
    The panic is caused by dereferencing 'element' at a point where it can
    be NULL (if string ends at the ':').
    
    Harden and simplify by enforcing the control flow rule in this function
    that jumping to the end is reserved for error cases.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47605
---
 sys/security/mac_do/mac_do.c | 38 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index cb166cfd6128..3327711fa9b9 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -94,7 +94,7 @@ parse_rule_element(char *element, struct rule **rule)
 	type = strsep(&element, "=");
 	if (type == NULL) {
 		error = EINVAL;
-		goto out;
+		goto error;
 	}
 	if (strcmp(type, "uid") == 0) {
 		new->from_type = RULE_UID;
@@ -102,24 +102,30 @@ parse_rule_element(char *element, struct rule **rule)
 		new->from_type = RULE_GID;
 	} else {
 		error = EINVAL;
-		goto out;
+		goto error;
 	}
 	id = strsep(&element, ":");
 	if (id == NULL) {
 		error = EINVAL;
-		goto out;
+		goto error;
 	}
-	if (new->from_type == RULE_UID)
+	switch (new->from_type) {
+	case RULE_UID:
 		new->f_uid = strtol(id, &p, 10);
-	if (new->from_type == RULE_GID)
+		break;
+	case RULE_GID:
 		new->f_gid = strtol(id, &p, 10);
+		break;
+	default:
+		__assert_unreachable();
+	}
 	if (*p != '\0') {
 		error = EINVAL;
-		goto out;
+		goto error;
 	}
-	if (*element == '\0') {
+	if (element == NULL || *element == '\0') {
 		error = EINVAL;
-		goto out;
+		goto error;
 	}
 	if (strcmp(element, "any") == 0 || strcmp(element, "*") == 0) {
 		new->to_type = RULE_ANY;
@@ -128,15 +134,17 @@ parse_rule_element(char *element, struct rule **rule)
 		new->t_uid = strtol(element, &p, 10);
 		if (*p != '\0') {
 			error = EINVAL;
-			goto out;
+			goto error;
 		}
 	}
-out:
-	if (error != 0) {
-		free(new, M_DO);
-		*rule = NULL;
-	} else
-		*rule = new;
+
+	MPASS(error == 0);
+	*rule = new;
+	return (0);
+error:
+	MPASS(error != 0);
+	free(new, M_DO);
+	*rule = NULL;
 	return (error);
 }