Merge tag 'tomoyo-pr-20201214' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1

Pull tomoyo updates from Tetsuo Handa:
 "Limit recursion depth, fix clang warning, fix comment typo, and
  silence memory allocation failure warning"

* tag 'tomoyo-pr-20201214' of git://git.osdn.net/gitroot/tomoyo/tomoyo-test1:
  tomoyo: Fix typo in comments.
  tomoyo: Fix null pointer check
  tomoyo: Limit wildcard recursion depth.
  tomoyo: fix clang pointer arithmetic warning
  tomoyo: Loosen pathname/domainname validation.

8 files changed, 44 insertions, 41 deletions

diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c
index 3c96e8402e94..b51bad121c11 100644
--- a/security/tomoyo/audit.c
+++ b/security/tomoyo/audit.c
@@ -311,7 +311,7 @@ static LIST_HEAD(tomoyo_log);
 /* Lock for "struct list_head tomoyo_log". */
 static DEFINE_SPINLOCK(tomoyo_log_lock);
 
-/* Length of "stuct list_head tomoyo_log". */
+/* Length of "struct list_head tomoyo_log". */
 static unsigned int tomoyo_log_count;
 
 /**
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 4bee32bfe16d..5c64927bf2b3 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -498,7 +498,7 @@ static struct tomoyo_profile *tomoyo_assign_profile
 	ptr = ns->profile_ptr[profile];
 	if (ptr)
 		return ptr;
-	entry = kzalloc(sizeof(*entry), GFP_NOFS);
+	entry = kzalloc(sizeof(*entry), GFP_NOFS | __GFP_NOWARN);
 	if (mutex_lock_interruptible(&tomoyo_policy_lock))
 		goto out;
 	ptr = ns->profile_ptr[profile];
@@ -635,7 +635,7 @@ static int tomoyo_set_mode(char *name, const char *value,
 			if (strstr(value, tomoyo_mode[mode]))
 				/*
 				 * Update lower 3 bits in order to distinguish
-				 * 'config' from 'TOMOYO_CONFIG_USE_DEAFULT'.
+				 * 'config' from 'TOMOYO_CONFIG_USE_DEFAULT'.
 				 */
 				config = (config & ~7) | mode;
 		if (config != TOMOYO_CONFIG_USE_DEFAULT) {
@@ -2574,7 +2574,7 @@ static inline bool tomoyo_has_more_namespace(struct tomoyo_io_buffer *head)
  * tomoyo_read_control - read() for /sys/kernel/security/tomoyo/ interface.
  *
  * @head:       Pointer to "struct tomoyo_io_buffer".
- * @buffer:     Poiner to buffer to write to.
+ * @buffer:     Pointer to buffer to write to.
  * @buffer_len: Size of @buffer.
  *
  * Returns bytes read on success, negative value otherwise.
@@ -2608,7 +2608,7 @@ ssize_t tomoyo_read_control(struct tomoyo_io_buffer *head, char __user *buffer,
 /**
  * tomoyo_parse_policy - Parse a policy line.
  *
- * @head: Poiter to "struct tomoyo_io_buffer".
+ * @head: Pointer to "struct tomoyo_io_buffer".
  * @line: Line to parse.
  *
  * Returns 0 on success, negative value otherwise.
diff --git a/security/tomoyo/condition.c b/security/tomoyo/condition.c
index 8f6d57c15df6..f8bcc083bb0d 100644
--- a/security/tomoyo/condition.c
+++ b/security/tomoyo/condition.c
@@ -98,7 +98,7 @@ static bool tomoyo_envp(const char *env_name, const char *env_value,
  * @argc: Length of @argc.
  * @argv: Pointer to "struct tomoyo_argv".
  * @envc: Length of @envp.
- * @envp: Poiner to "struct tomoyo_envp".
+ * @envp: Pointer to "struct tomoyo_envp".
  *
  * Returns true on success, false otherwise.
  */
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index dc4ecc0b2038..98d985895ec8 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -473,9 +473,7 @@ struct tomoyo_policy_namespace *tomoyo_assign_namespace(const char *domainname)
 		return ptr;
 	if (len >= TOMOYO_EXEC_TMPSIZE - 10 || !tomoyo_domain_def(domainname))
 		return NULL;
-	entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS);
-	if (!entry)
-		return NULL;
+	entry = kzalloc(sizeof(*entry) + len + 1, GFP_NOFS | __GFP_NOWARN);
 	if (mutex_lock_interruptible(&tomoyo_policy_lock))
 		goto out;
 	ptr = tomoyo_find_namespace(domainname, len);
@@ -891,7 +889,7 @@ force_jump_domain:
  *
  * @bprm: Pointer to "struct linux_binprm".
  * @pos:  Location to dump.
- * @dump: Poiner to "struct tomoyo_page_dump".
+ * @dump: Pointer to "struct tomoyo_page_dump".
  *
  * Returns true on success, false otherwise.
  */
diff --git a/security/tomoyo/gc.c b/security/tomoyo/gc.c
index 9537832fca18..026e29ea3796 100644
--- a/security/tomoyo/gc.c
+++ b/security/tomoyo/gc.c
@@ -463,7 +463,7 @@ static void tomoyo_try_to_gc(const enum tomoyo_policy_id type,
 	return;
 reinject:
 	/*
-	 * We can safely reinject this element here bacause
+	 * We can safely reinject this element here because
 	 * (1) Appending list elements and removing list elements are protected
 	 *     by tomoyo_policy_lock mutex.
 	 * (2) Only this function removes list elements and this function is
diff --git a/security/tomoyo/memory.c b/security/tomoyo/memory.c
index 2e7fcfa923c9..1b570bde7a3b 100644
--- a/security/tomoyo/memory.c
+++ b/security/tomoyo/memory.c
@@ -73,7 +73,7 @@ bool tomoyo_memory_ok(void *ptr)
  */
 void *tomoyo_commit_ok(void *data, const unsigned int size)
 {
-	void *ptr = kzalloc(size, GFP_NOFS);
+	void *ptr = kzalloc(size, GFP_NOFS | __GFP_NOWARN);
 
 	if (tomoyo_memory_ok(ptr)) {
 		memmove(ptr, data, size);
@@ -170,7 +170,7 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name)
 		atomic_inc(&ptr->head.users);
 		goto out;
 	}
-	ptr = kzalloc(sizeof(*ptr) + len, GFP_NOFS);
+	ptr = kzalloc(sizeof(*ptr) + len, GFP_NOFS | __GFP_NOWARN);
 	if (tomoyo_memory_ok(ptr)) {
 		ptr->entry.name = ((char *) ptr) + sizeof(*ptr);
 		memmove((char *) ptr->entry.name, name, len);
diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c
index 546281c5b233..065f4941c4d8 100644
--- a/security/tomoyo/securityfs_if.c
+++ b/security/tomoyo/securityfs_if.c
@@ -131,8 +131,8 @@ static const struct file_operations tomoyo_self_operations = {
  */
 static int tomoyo_open(struct inode *inode, struct file *file)
 {
-	const int key = ((u8 *) file_inode(file)->i_private)
-		- ((u8 *) NULL);
+	const u8 key = (uintptr_t) file_inode(file)->i_private;
+
 	return tomoyo_open_control(key, file);
 }
 
@@ -223,7 +223,7 @@ static const struct file_operations tomoyo_operations = {
 static void __init tomoyo_create_entry(const char *name, const umode_t mode,
 				       struct dentry *parent, const u8 key)
 {
-	securityfs_create_file(name, mode, parent, ((u8 *) NULL) + key,
+	securityfs_create_file(name, mode, parent, (void *) (uintptr_t) key,
 			       &tomoyo_operations);
 }
 
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index a40abb0b91ee..176b803ebcfc 100644
--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -434,59 +434,64 @@ void tomoyo_normalize_line(unsigned char *buffer)
  */
 static bool tomoyo_correct_word2(const char *string, size_t len)
 {
+	u8 recursion = 20;
 	const char *const start = string;
 	bool in_repetition = false;
-	unsigned char c;
-	unsigned char d;
-	unsigned char e;
 
 	if (!len)
 		goto out;
 	while (len--) {
-		c = *string++;
+		unsigned char c = *string++;
+
 		if (c == '\\') {
 			if (!len--)
 				goto out;
 			c = *string++;
+			if (c >= '0' && c <= '3') {
+				unsigned char d;
+				unsigned char e;
+
+				if (!len-- || !len--)
+					goto out;
+				d = *string++;
+				e = *string++;
+				if (d < '0' || d > '7' || e < '0' || e > '7')
+					goto out;
+				c = tomoyo_make_byte(c, d, e);
+				if (c <= ' ' || c >= 127)
+					continue;
+				goto out;
+			}
 			switch (c) {
 			case '\\':  /* "\\" */
-				continue;
-			case '$':   /* "\$" */
 			case '+':   /* "\+" */
 			case '?':   /* "\?" */
+			case 'x':   /* "\x" */
+			case 'a':   /* "\a" */
+			case '-':   /* "\-" */
+				continue;
+			}
+			if (!recursion--)
+				goto out;
+			switch (c) {
 			case '*':   /* "\*" */
 			case '@':   /* "\@" */
-			case 'x':   /* "\x" */
+			case '$':   /* "\$" */
 			case 'X':   /* "\X" */
-			case 'a':   /* "\a" */
 			case 'A':   /* "\A" */
-			case '-':   /* "\-" */
 				continue;
 			case '{':   /* "/\{" */
 				if (string - 3 < start || *(string - 3) != '/')
-					break;
+					goto out;
 				in_repetition = true;
 				continue;
 			case '}':   /* "\}/" */
 				if (*string != '/')
-					break;
+					goto out;
 				if (!in_repetition)
-					break;
+					goto out;
 				in_repetition = false;
 				continue;
-			case '0':   /* "\ooo" */
-			case '1':
-			case '2':
-			case '3':
-				if (!len-- || !len--)
-					break;
-				d = *string++;
-				e = *string++;
-				if (d < '0' || d > '7' || e < '0' || e > '7')
-					break;
-				c = tomoyo_make_byte(c, d, e);
-				if (c <= ' ' || c >= 127)
-					continue;
 			}
 			goto out;
 		} else if (in_repetition && c == '/') {