WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel][Xense-devel][PATCH][2/4] Xen Securtiy Modules: FLASK

from [Chris Wright] [Permanent Link][Original]
To: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
Subject: Re: [Xen-devel][Xense-devel][PATCH][2/4] Xen Securtiy Modules: FLASK
From: Chris Wright <chrisw@xxxxxxxxxxxx>
Date: Mon, 7 May 2007 16:24:48 -0700
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, xense-devel@xxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 07 May 2007 16:23:17 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <1178574074.6520.88.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <1178574074.6520.88.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.14 (2007-02-12) 
And to drill down into module based on core evtchn stuff...

> +static int flask_alloc_security_evtchn(struct evtchn *chn)
> +{
> +    int i;
> +    struct evtchn_security_struct *esec;
> +
> +    for ( i = 0; i < EVTCHNS_PER_BUCKET; i++ ) {
> +        esec = xmalloc(struct evtchn_security_struct);
> +    

As I mentioned in 1/4 review, this should be done at higher level.

> +        if (!esec)
> +            return -ENOMEM;

In fact, this is a leak because there's no unwind, and bucket
is freed if this error is encountered.

> +        
> +        memset(esec, 0, sizeof(struct evtchn_security_struct));
> +    
> +        esec->chn = &chn[i];
> +        esec->sid = SECINITSID_UNLABELED;
> +
> +        (&chn[i])->ssid = esec;
> +    }
> +    
> +    return 0;    
> +}
> +
> +static void flask_free_security_evtchn(struct evtchn *chn)
> +{
> +    int i;
> +    struct evtchn_security_struct *esec;
> +
> +    if (!chn)
> +        return;
> +            
> +    for ( i = 0; i < EVTCHNS_PER_BUCKET; i++ ) {
> +        esec = (&chn[i])->ssid;

This is not a bucket, because this _is_ done at a higher level.  Thus,
writing on and freeing random memory.

> +    
> +        if (!esec)
> +            continue;
> +        
> +        (&chn[i])->ssid = NULL;
> +        xfree(esec);
> +    }
> +
> +}

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM, Chris Wright
Next by Date:  Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM, George S. Coker, II
Previous by Thread:  [Xen-devel][Xense-devel][PATCH][2/4] Xen Securtiy Modules: FLASK, George S. Coker, II
Next by Thread:  Re: [Xen-devel][Xense-devel][PATCH][2/4] Xen Securtiy Modules: FLASK, Mark Williamson
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy