Merge tag 'selinux-pr-20190702' of git://git.kernel.org/pub/scm/linux/kernel/git...

[linux-2.6-microblaze.git] / security / selinux / ss / services.c

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index d3f5568..d61563a 100644 (file)
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -649,9 +649,7 @@ static void context_struct_compute_av(struct policydb *policydb,
        avkey.target_class = tclass;
        avkey.specified = AVTAB_AV | AVTAB_XPERMS;
        sattr = &policydb->type_attr_map_array[scontext->type - 1];
-       BUG_ON(!sattr);
        tattr = &policydb->type_attr_map_array[tcontext->type - 1];
-       BUG_ON(!tattr);
        ebitmap_for_each_positive_bit(sattr, snode, i) {
                ebitmap_for_each_positive_bit(tattr, tnode, j) {
                        avkey.source_type = i + 1;
@@ -1057,9 +1055,7 @@ void security_compute_xperms_decision(struct selinux_state *state,
        avkey.target_class = tclass;
        avkey.specified = AVTAB_XPERMS;
        sattr = &policydb->type_attr_map_array[scontext->type - 1];
-       BUG_ON(!sattr);
        tattr = &policydb->type_attr_map_array[tcontext->type - 1];
-       BUG_ON(!tattr);
        ebitmap_for_each_positive_bit(sattr, snode, i) {
                ebitmap_for_each_positive_bit(tattr, tnode, j) {
                        avkey.source_type = i + 1;
@@ -1586,6 +1582,7 @@ static int compute_sid_handle_invalid_context(
        struct policydb *policydb = &state->ss->policydb;
        char *s = NULL, *t = NULL, *n = NULL;
        u32 slen, tlen, nlen;
+       struct audit_buffer *ab;
 
        if (context_struct_to_string(policydb, scontext, &s, &slen))
                goto out;
@@ -1593,12 +1590,14 @@ static int compute_sid_handle_invalid_context(
                goto out;
        if (context_struct_to_string(policydb, newcontext, &n, &nlen))
                goto out;
-       audit_log(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                 "op=security_compute_sid invalid_context=%s"
-                 " scontext=%s"
-                 " tcontext=%s"
-                 " tclass=%s",
-                 n, s, t, sym_name(policydb, SYM_CLASSES, tclass-1));
+       ab = audit_log_start(audit_context(), GFP_ATOMIC, AUDIT_SELINUX_ERR);
+       audit_log_format(ab,
+                        "op=security_compute_sid invalid_context=");
+       /* no need to record the NUL with untrusted strings */
+       audit_log_n_untrustedstring(ab, n, nlen - 1);
+       audit_log_format(ab, " scontext=%s tcontext=%s tclass=%s",
+                        s, t, sym_name(policydb, SYM_CLASSES, tclass-1));
+       audit_log_end(ab);
 out:
        kfree(s);
        kfree(t);
@@ -3005,10 +3004,16 @@ int security_sid_mls_copy(struct selinux_state *state,
                if (rc) {
                        if (!context_struct_to_string(policydb, &newcon, &s,
                                                      &len)) {
-                               audit_log(audit_context(),
-                                         GFP_ATOMIC, AUDIT_SELINUX_ERR,
-                                         "op=security_sid_mls_copy "
-                                         "invalid_context=%s", s);
+                               struct audit_buffer *ab;
+
+                               ab = audit_log_start(audit_context(),
+                                                    GFP_ATOMIC,
+                                                    AUDIT_SELINUX_ERR);
+                               audit_log_format(ab,
+                                                "op=security_sid_mls_copy invalid_context=");
+                               /* don't record NUL with untrusted strings */
+                               audit_log_n_untrustedstring(ab, s, len - 1);
+                               audit_log_end(ab);
                                kfree(s);
                        }
                        goto out_unlock;