Unverified Commit a0b53141 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!7773 Fix CVE-2023-52698 

Merge Pull Request from: @ci-robot 
 
PR sync from: Zheng Yejian <zhengyejian1@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/GI54IHAGJB2V5CG2QSXH4NRMVXOW7J43/ 
Andrew Lunn (1):
  [Backport] net: netlabel: Fix kerneldoc warnings

Gavrilov Ilia (1):
  [Backport] calipso: fix memory leak in netlbl_calipso_add_pass()

Zheng Yejian (1):
  [Backport] netlabel: remove unused parameter in
    netlbl_netlink_auditinfo()


-- 
2.25.1
 
https://gitee.com/src-openeuler/kernel/issues/I9Q9IT 
 
Link:https://gitee.com/openeuler/kernel/pulls/7773

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents ecaaccdf cc874231

net/netlabel/netlabel_calipso.c

+28 −24
Original line number Diff line number Diff line
@@ -54,6 +54,28 @@ static const struct nla_policy calipso_genl_policy[NLBL_CALIPSO_A_MAX + 1] = { 
	[NLBL_CALIPSO_A_MTYPE] = { .type = NLA_U32 },

};



static const struct netlbl_calipso_ops *calipso_ops;



/**

 * netlbl_calipso_ops_register - Register the CALIPSO operations

 * @ops: ops to register

 *

 * Description:

 * Register the CALIPSO packet engine operations.

 *

 */

const struct netlbl_calipso_ops *

netlbl_calipso_ops_register(const struct netlbl_calipso_ops *ops)

{

	return xchg(&calipso_ops, ops);

}

EXPORT_SYMBOL(netlbl_calipso_ops_register);



static const struct netlbl_calipso_ops *netlbl_calipso_ops_get(void)

{

	return READ_ONCE(calipso_ops);

}



/* NetLabel Command Handlers

 */

/**
@@ -96,16 +118,19 @@ static int netlbl_calipso_add_pass(struct genl_info *info, 
 *

 */

static int netlbl_calipso_add(struct sk_buff *skb, struct genl_info *info)



{

	int ret_val = -EINVAL;

	struct netlbl_audit audit_info;

	const struct netlbl_calipso_ops *ops = netlbl_calipso_ops_get();



	if (!info->attrs[NLBL_CALIPSO_A_DOI] ||

	    !info->attrs[NLBL_CALIPSO_A_MTYPE])

		return -EINVAL;



	netlbl_netlink_auditinfo(skb, &audit_info);

	if (!ops)

		return -EOPNOTSUPP;



	netlbl_netlink_auditinfo(&audit_info);

	switch (nla_get_u32(info->attrs[NLBL_CALIPSO_A_MTYPE])) {

	case CALIPSO_MAP_PASS:

		ret_val = netlbl_calipso_add_pass(info, &audit_info);
@@ -287,7 +312,7 @@ static int netlbl_calipso_remove(struct sk_buff *skb, struct genl_info *info) 
	if (!info->attrs[NLBL_CALIPSO_A_DOI])

		return -EINVAL;



	netlbl_netlink_auditinfo(skb, &audit_info);

	netlbl_netlink_auditinfo(&audit_info);

	cb_arg.doi = nla_get_u32(info->attrs[NLBL_CALIPSO_A_DOI]);

	cb_arg.audit_info = &audit_info;

	ret_val = netlbl_domhsh_walk(&skip_bkt, &skip_chain,
@@ -362,27 +387,6 @@ int __init netlbl_calipso_genl_init(void) 
	return genl_register_family(&netlbl_calipso_gnl_family);

}



static const struct netlbl_calipso_ops *calipso_ops;



/**

 * netlbl_calipso_ops_register - Register the CALIPSO operations

 *

 * Description:

 * Register the CALIPSO packet engine operations.

 *

 */

const struct netlbl_calipso_ops *

netlbl_calipso_ops_register(const struct netlbl_calipso_ops *ops)

{

	return xchg(&calipso_ops, ops);

}

EXPORT_SYMBOL(netlbl_calipso_ops_register);



static const struct netlbl_calipso_ops *netlbl_calipso_ops_get(void)

{

	return READ_ONCE(calipso_ops);

}



/**

 * calipso_doi_add - Add a new DOI to the CALIPSO protocol engine

 * @doi_def: the DOI structure

net/netlabel/netlabel_cipso_v4.c

+2 −2
Original line number Diff line number Diff line
@@ -410,7 +410,7 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info) 
	    !info->attrs[NLBL_CIPSOV4_A_MTYPE])

		return -EINVAL;



	netlbl_netlink_auditinfo(skb, &audit_info);

	netlbl_netlink_auditinfo(&audit_info);

	switch (nla_get_u32(info->attrs[NLBL_CIPSOV4_A_MTYPE])) {

	case CIPSO_V4_MAP_TRANS:

		ret_val = netlbl_cipsov4_add_std(info, &audit_info);
@@ -709,7 +709,7 @@ static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info) 
	if (!info->attrs[NLBL_CIPSOV4_A_DOI])

		return -EINVAL;



	netlbl_netlink_auditinfo(skb, &audit_info);

	netlbl_netlink_auditinfo(&audit_info);

	cb_arg.doi = nla_get_u32(info->attrs[NLBL_CIPSOV4_A_DOI]);

	cb_arg.audit_info = &audit_info;

	ret_val = netlbl_domhsh_walk(&skip_bkt, &skip_chain,

net/netlabel/netlabel_mgmt.c

+4 −4
Original line number Diff line number Diff line
@@ -435,7 +435,7 @@ static int netlbl_mgmt_add(struct sk_buff *skb, struct genl_info *info) 
	     (info->attrs[NLBL_MGMT_A_IPV6MASK] != NULL)))

		return -EINVAL;



	netlbl_netlink_auditinfo(skb, &audit_info);

	netlbl_netlink_auditinfo(&audit_info);



	return netlbl_mgmt_add_common(info, &audit_info);

}
@@ -458,7 +458,7 @@ static int netlbl_mgmt_remove(struct sk_buff *skb, struct genl_info *info) 
	if (!info->attrs[NLBL_MGMT_A_DOMAIN])

		return -EINVAL;



	netlbl_netlink_auditinfo(skb, &audit_info);

	netlbl_netlink_auditinfo(&audit_info);



	domain = nla_data(info->attrs[NLBL_MGMT_A_DOMAIN]);

	return netlbl_domhsh_remove(domain, AF_UNSPEC, &audit_info);
@@ -558,7 +558,7 @@ static int netlbl_mgmt_adddef(struct sk_buff *skb, struct genl_info *info) 
	     (info->attrs[NLBL_MGMT_A_IPV6MASK] != NULL)))

		return -EINVAL;



	netlbl_netlink_auditinfo(skb, &audit_info);

	netlbl_netlink_auditinfo(&audit_info);



	return netlbl_mgmt_add_common(info, &audit_info);

}
@@ -577,7 +577,7 @@ static int netlbl_mgmt_removedef(struct sk_buff *skb, struct genl_info *info) 
{

	struct netlbl_audit audit_info;



	netlbl_netlink_auditinfo(skb, &audit_info);

	netlbl_netlink_auditinfo(&audit_info);



	return netlbl_domhsh_remove_default(AF_UNSPEC, &audit_info);

}

net/netlabel/netlabel_unlabeled.c

+5 −5
Original line number Diff line number Diff line
@@ -814,7 +814,7 @@ static int netlbl_unlabel_accept(struct sk_buff *skb, struct genl_info *info) 
	if (info->attrs[NLBL_UNLABEL_A_ACPTFLG]) {

		value = nla_get_u8(info->attrs[NLBL_UNLABEL_A_ACPTFLG]);

		if (value == 1 || value == 0) {

			netlbl_netlink_auditinfo(skb, &audit_info);

			netlbl_netlink_auditinfo(&audit_info);

			netlbl_unlabel_acceptflg_set(value, &audit_info);

			return 0;

		}
@@ -897,7 +897,7 @@ static int netlbl_unlabel_staticadd(struct sk_buff *skb, 
	       !info->attrs[NLBL_UNLABEL_A_IPV6MASK])))

		return -EINVAL;



	netlbl_netlink_auditinfo(skb, &audit_info);

	netlbl_netlink_auditinfo(&audit_info);



	ret_val = netlbl_unlabel_addrinfo_get(info, &addr, &mask, &addr_len);

	if (ret_val != 0)
@@ -947,7 +947,7 @@ static int netlbl_unlabel_staticadddef(struct sk_buff *skb, 
	       !info->attrs[NLBL_UNLABEL_A_IPV6MASK])))

		return -EINVAL;



	netlbl_netlink_auditinfo(skb, &audit_info);

	netlbl_netlink_auditinfo(&audit_info);



	ret_val = netlbl_unlabel_addrinfo_get(info, &addr, &mask, &addr_len);

	if (ret_val != 0)
@@ -994,7 +994,7 @@ static int netlbl_unlabel_staticremove(struct sk_buff *skb, 
	       !info->attrs[NLBL_UNLABEL_A_IPV6MASK])))

		return -EINVAL;



	netlbl_netlink_auditinfo(skb, &audit_info);

	netlbl_netlink_auditinfo(&audit_info);



	ret_val = netlbl_unlabel_addrinfo_get(info, &addr, &mask, &addr_len);

	if (ret_val != 0)
@@ -1034,7 +1034,7 @@ static int netlbl_unlabel_staticremovedef(struct sk_buff *skb, 
	       !info->attrs[NLBL_UNLABEL_A_IPV6MASK])))

		return -EINVAL;



	netlbl_netlink_auditinfo(skb, &audit_info);

	netlbl_netlink_auditinfo(&audit_info);



	ret_val = netlbl_unlabel_addrinfo_get(info, &addr, &mask, &addr_len);

	if (ret_val != 0)

net/netlabel/netlabel_user.h

+1 −3
Original line number Diff line number Diff line
@@ -28,11 +28,9 @@ 


/**

 * netlbl_netlink_auditinfo - Fetch the audit information from a NETLINK msg

 * @skb: the packet

 * @audit_info: NetLabel audit information

 */

static inline void netlbl_netlink_auditinfo(struct sk_buff *skb,

					    struct netlbl_audit *audit_info)

static inline void netlbl_netlink_auditinfo(struct netlbl_audit *audit_info)

{

	security_task_getsecid(current, &audit_info->secid);

	audit_info->loginuid = audit_get_loginuid(current);