When filename exceeds PATH_MAX, tomoyo_find_next_domain() retval is not ENAMETOOLONG, but ENOENT.
Fix this by retuen kern_path() error.
Signed-off-by: Takeshi Misawa <jeliantsu...@gmail.com>
---
Dear Tetsuo Handa I found unexpected return value from TOMOYO and try to create a patch. If this is not acceptable for security reason, please discard this patch. Regards.
---
 security/tomoyo/domain.c | 7 +++++--
 security/tomoyo/realpath.c | 9 +++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 8526a0a74023..3d8034701344 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -723,8 +723,10 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
 /* Get symlink's pathname of program. */
 retval = -ENOENT;
 exename.name = tomoyo_realpath_nofollow(original_name);
- if (!exename.name)
+ if (IS_ERR(exename.name)) {
+ retval = PTR_ERR(exename.name);
 goto out;
+ }
 tomoyo_fill_path_info(&exename);
 retry:
 /* Check 'aggregator' directive. */
@@ -870,7 +872,8 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
 s->domain_info = domain;
 atomic_inc(&domain->users);
 }
- kfree(exename.name);
+ if (!IS_ERR(exename.name))
+ kfree(exename.name);
 if (!retval) {
 ee->r.domain = domain;
 retval = tomoyo_environ(ee);
diff --git a/security/tomoyo/realpath.c b/security/tomoyo/realpath.c
index e7832448d721..d73e66be05ef 100644
--- a/security/tomoyo/realpath.c
+++ b/security/tomoyo/realpath.c
@@ -332,10 +332,15 @@ char *tomoyo_realpath_from_path(const struct path *path)
 char *tomoyo_realpath_nofollow(const char *pathname)
 {
 struct path path;
+ char *buf = NULL;
+ int err;
- if (pathname && kern_path(pathname, 0, &path) == 0) {
- char *buf = tomoyo_realpath_from_path(&path);
+ if (pathname) {
+ err = kern_path(pathname, 0, &path);
+ if (unlikely(err))
+ return ERR_PTR(err);
+ buf = tomoyo_realpath_from_path(&path);
 path_put(&path);
 return buf;
 }
-- 2.17.1
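Review bot: In the first domain.c hunk (@@ -723), replacing `if (!exename.name)` with `if (IS_ERR(exename.name))` drops the NULL check, yet the new tomoyo_realpath_nofollow() in the realpath.c hunk still returns whatever tomoyo_realpath_from_path() hands back, which the old check suggests can be NULL. A NULL name would then reach `tomoyo_fill_path_info(&exename)` instead of taking the `-ENOENT` exit. Testing `if (IS_ERR_OR_NULL(exename.name))` and overriding retval only for the encoded case, `if (IS_ERR(exename.name)) retval = PTR_ERR(exename.name);`, keeps the old failure path intact. The function body continues outside the hunk, so what tomoyo_fill_path_info() does with a NULL name is inferred rather than shown.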
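Review bot: The `if (!IS_ERR(exename.name))` guard in the second domain.c hunk (@@ -870) is needed only because the error branch added in the first hunk jumps to `out` with an ERR_PTR still stored in exename.name. Resetting the field there, `exename.name = NULL;` before `goto out;`, would let `kfree(exename.name);` stay unconditional, since kfree(NULL) is a no-op. It would also keep any other code on the exit path from treating an encoded errno as a string pointer. The rest of the exit path is outside the hunk, so whether anything else reads exename.name there is not visible.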
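Review bot: tomoyo_realpath_nofollow() in the realpath.c hunk now has two failure conventions, ERR_PTR() when kern_path() fails and apparently NULL when pathname is NULL or tomoyo_realpath_from_path() fails, and nothing in the hunk documents that. The comment above the function, which is outside the hunk, should state the contract, e.g. `Returns the realpath of @pathname on success, an ERR_PTR() if the lookup fails, NULL otherwise.` Any caller not touched by this patch that only tests for NULL would treat the ERR_PTR as a valid string, so the remaining callers are worth auditing. The `= NULL` initialiser on `buf` also looks unnecessary, since buf is assigned before the only visible `return buf;`.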