From nobody Mon Dec 16 14:45:53 2024
Date: Mon, 16 Dec 2024 14:45:53 GMT
Message-Id: <202412161445.4BGEjrxQ053206@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Olivier Certner
Subject: git: add521c1a5d2 - main - MAC/do: parse_rule_element(): Fix a panic, harden, simplify
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help:
List-Post:
List-Subscribe:
List-Unsubscribe:
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: add521c1a5d21ec84454009d42d1dcd688d77008
Auto-Submitted: auto-generated

The branch main has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=add521c1a5d21ec84454009d42d1dcd688d77008

commit add521c1a5d21ec84454009d42d1dcd688d77008
Author:     Olivier Certner
AuthorDate: 2024-07-03 14:13:33 +0000
Commit:     Olivier Certner
CommitDate: 2024-12-16 14:42:35 +0000

    MAC/do: parse_rule_element(): Fix a panic, harden, simplify

    The panic is caused by dereferencing 'element' at a point where it can
    be NULL (if string ends at the ':').

    Harden and simplify by enforcing the control flow rule in this function
    that jumping to the end is reserved for error cases.

    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47605

--- sys/security/mac_do/mac_do.c | 38 +++++++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c index cb166cfd6128..3327711fa9b9 100644 --- a/sys/security/mac_do/mac_do.c +++ b/sys/security/mac_do/mac_do.c @@ -94,7 +94,7 @@ parse_rule_element(char *element, struct rule **rule) type = strsep(&element, "="); if (type == NULL) { error = EINVAL; - goto out; + goto error; } if (strcmp(type, "uid") == 0) { new->from_type = RULE_UID; 
@@ -102,24 +102,30 @@ parse_rule_element(char *element, struct rule **rule) new->from_type = RULE_GID; } else { error = EINVAL; - goto out; + goto error; } id = strsep(&element, ":"); if (id == NULL) { error = EINVAL; - goto out; + goto error; } - if (new->from_type == RULE_UID) + switch (new->from_type) { + case RULE_UID: new->f_uid = strtol(id, &p, 10); - if (new->from_type == RULE_GID) + break; + case RULE_GID: new->f_gid = strtol(id, &p, 10); + break; + default: + __assert_unreachable(); + } if (*p != '\0') { error = EINVAL; - goto out; + goto error; } - if (*element == '\0') { + if (element == NULL || *element == '\0') { error = EINVAL; - goto out; + goto error; } if (strcmp(element, "any") == 0 || strcmp(element, "*") == 0) { new->to_type = RULE_ANY; @@ -128,15 +134,17 @@ parse_rule_element(char *element, struct rule **rule) new->t_uid = strtol(element, &p, 10); if (*p != '\0') { error = EINVAL; - goto out; + goto error; } } -out: - if (error != 0) { - free(new, M_DO); - *rule = NULL; - } else - *rule = new; + + MPASS(error == 0); + *rule = new; + return (0); +error: + MPASS(error != 0); + free(new, M_DO); + *rule = NULL; return (error); }
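Review bot: In the second hunk (@@ -102,24 +102,30 @@), the new switch still accepts an empty ID. For input such as "uid=:1", strsep() returns an empty string for id, strtol() converts nothing, returns 0 and leaves p equal to id, so the following `if (*p != '\0')` test passes and f_uid or f_gid silently becomes 0. Suggest rejecting `p == id` alongside the trailing-character test, and bounding the value as well, since strtol() accepts a leading sign and returns a long that is stored into f_uid/f_gid with no range check. The `element == NULL || *element == '\0'` test itself matches the case the commit message describes.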
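Review bot: In the last hunk (@@ -128,15 +134,17 @@), `new->t_uid = strtol(element, &p, 10);` is kept as context with only the `*p != '\0'` test after it, so a negative or out-of-range target is stored without any range check. Since this field names the target identity of the rule, it would be safer to reject values outside the valid ID range before the assignment. On the new tail: MPASS() only checks in kernels built with INVARIANTS, and every `goto error` visible in this patch sets EINVAL first, so the error label could simply `return (EINVAL)`, and the `error` variable could be dropped if nothing outside these hunks needs it. That removes the possibility of returning 0 with *rule set to NULL.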