On Fri, Feb 23, 2024 at 08:59:34PM +0100, Mickaël Salaün wrote:
On Fri, Feb 23, 2024 at 08:05:45PM +0100, Mickaël Salaün wrote:
selinux_lsm_getattr() may not initialize the value's pointer in some cases. As for proc_pid_attr_read(), initialize this pointer to NULL in selinux_getselfattr() to avoid a UAF in the kfree() call.
Not UAF but NULL pointer dereference (both patches)...
Well, that may be the result (as observed with the kfree() call), but the cause is obviously an uninitialized pointer.
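A userland sketch of the bug shape discussed in this thread, added here and not taken from the patch or the kernel tree: mock_lsm_getattr() is a constructed stand-in for selinux_lsm_getattr() that writes the out-pointer only on its success path, and getselfattr_fixed() mirrors the NULL initialization the fix adds (all names are assumptions).

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for selinux_lsm_getattr(): it allocates and sets
 * *value only for the one attribute it knows about. For any other
 * attribute it returns an error and leaves *value untouched, which is
 * exactly the behaviour the patch description calls out. */
static int mock_lsm_getattr(unsigned int attr, char **value)
{
	static const char ctx[] = "unconfined_t";

	if (attr != 1)
		return -EINVAL;		/* *value is NOT written on this path */
	*value = malloc(sizeof(ctx));
	if (!*value)
		return -ENOMEM;
	memcpy(*value, ctx, sizeof(ctx));
	return (int)strlen(ctx);
}

/* Hardened caller, modelled on the fix: the pointer starts as NULL, so a
 * getattr path that never writes it hands free() a NULL (a no-op) instead
 * of whatever stale stack contents the variable happened to hold. */
static int getselfattr_fixed(unsigned int attr, char *out, size_t out_len)
{
	char *value = NULL;
	int len = mock_lsm_getattr(attr, &value);

	if (len > 0 && out && out_len > (size_t)len)
		memcpy(out, value, (size_t)len + 1);
	free(value);			/* safe on both paths: real buffer or NULL */
	return len;
}

/* Pre-fix shape, kept for comparison only and never called: with
 * `char *value;` left uninitialized, the error path frees an indeterminate
 * pointer, which is undefined behaviour (observed as a NULL deref or a
 * bogus free depending on what was on the stack). */
static int __attribute__((unused)) getselfattr_unfixed(unsigned int attr)
{
	char *value;			/* uninitialized */
	int len = mock_lsm_getattr(attr, &value);

	free(value);			/* garbage pointer whenever len < 0 */
	return len;
}
```

Calling getselfattr_fixed(2, NULL, 0) exercises the error path and returns -EINVAL without touching a stale pointer.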