From nobody Thu Apr  3 19:32:08 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZTBh91bhSz5sLvH;
	Thu, 03 Apr 2025 19:32:09 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZTBh84LXRz3SBN;
	Thu, 03 Apr 2025 19:32:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743708728;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2S7ePLUjj+8EgRjsn1ee7c/K556UPTgR6/Ij1Bg7xMU=;
	b=EyfjCLm1WaK3GzGCT6uYv8P4flKAdrXLw2x46K8+oidXfLADhvpZ7tpnLIQC12x6rK8yf1
	N8eqxVq9xtxPZcM6daqBsEqX1uJuHMhdLX/n80Fmn/hgo917SnCwcusDhv34v7LFOX+Lio
	UOt0h3a7ej/Hs5sAiICD8oI8/iqOc3eXRINYaqx75DfqTPapbsODIXn+SsWEwiivRYUU9r
	y91ZFO9aNC+RHhRr+Ssl+mlBiXR8vG3bcKZtvf43L0CAoDi+Q5GetXAkzB9kx+eY4CPdvE
	NR7mwvoTQ/yESkBMQowzP/fIYdQa5g1iP9TzIRhKRoQlnB//St1KgQXxWgM/ig==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743708728; a=rsa-sha256; cv=none;
	b=KPUS13/L8a3yOlu5dilheDQ9NCASmSqwQJR23ELf6f1fSTPFoDUGDsfJYY8wil+XG3cJ9l
	vmyu+Gd4I1o6krT8lyCCDABrcOY2yfzL4uWdL+5aZEDAZ/LDt78CUwbVBLc7TP1YUiEmFH
	z3nck51cfg6V7FIWIKtezmR6lzY1apO+5LHrH6QeMsM4pmoLfeLB+oQ6VV9cDCQFJUER1+
	PmVHFfgNAK+5hv3w4BoFyK2kmmphyyixL7ALcpg8x5vcM0rmDha8ZXIH3I7wBBcwrMpKyg
	wzPAYEBmu7gl1/s3DRkY9FSaGYYMYkv8TOVzukI4WSbVuMdXrW43gCW5Bjr7YQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743708728;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=2S7ePLUjj+8EgRjsn1ee7c/K556UPTgR6/Ij1Bg7xMU=;
	b=n2oFSsr6nRjMbV/RlP9sM2WRPS/DRSMS2rL02uQbSOfR25QSqaQ/bsP/WCO5BCAcmLZyKq
	IRqaki1f38qEq6Qve+lLZLvCnRc8bVp/tN+UPcFEMdkNB2piEx5GYWMuRkC4sHcVivUc6G
	GFdClnbDnBk57yMBociIdTT2S4ELZQkHVm4RicLiaQxbXiwM05N5iLr0faw/bNe9OioBEh
	mEgtDlW2zofyKN9496UEZqpY8XpiwqaMvEDX/oX/UEkBaarVvFR59iqRhJNXsbZseRY7Yz
	i4JfSDWQv9vUONdyoWJcZcwi9sQyqibOTXpT+fJ8A7vPX5xDeBJSxZcOsVGwJA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZTBh83qsDz1Cpq;
	Thu, 03 Apr 2025 19:32:08 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 533JW8rU039922;
	Thu, 3 Apr 2025 19:32:08 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 533JW8SL039919;
	Thu, 3 Apr 2025 19:32:08 GMT
	(envelope-from git)
Date: Thu, 3 Apr 2025 19:32:08 GMT
Message-Id: <202504031932.533JW8SL039919@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: 6b76b0f95c62 - stable/14 - MAC/do: parse_rule_element():
  Fix a panic, harden, simplify
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 6b76b0f95c6255237a462eb20bf7966e3e7e35a9
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=6b76b0f95c6255237a462eb20bf7966e3e7e35a9

commit 6b76b0f95c6255237a462eb20bf7966e3e7e35a9
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-03 14:13:33 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-04-03 19:30:59 +0000

    MAC/do: parse_rule_element(): Fix a panic, harden, simplify
    
    The panic is caused by dereferencing 'element' at a point where it can
    be NULL (if string ends at the ':').
    
    Harden and simplify by enforcing the control flow rule in this function
    that jumping to the end is reserved for error cases.
    
    Reviewed by:    bapt
    Approved by:    markj (mentor)
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D47605
    
    (cherry picked from commit add521c1a5d21ec84454009d42d1dcd688d77008)
---
 sys/security/mac_do/mac_do.c | 38 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)

diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index cb166cfd6128..3327711fa9b9 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -94,7 +94,7 @@ parse_rule_element(char *element, struct rule **rule)
 	type = strsep(&element, "=");
 	if (type == NULL) {
 		error = EINVAL;
-		goto out;
+		goto error;
 	}
 	if (strcmp(type, "uid") == 0) {
 		new->from_type = RULE_UID;
@@ -102,24 +102,30 @@ parse_rule_element(char *element, struct rule **rule)
 		new->from_type = RULE_GID;
 	} else {
 		error = EINVAL;
-		goto out;
+		goto error;
 	}
 	id = strsep(&element, ":");
 	if (id == NULL) {
 		error = EINVAL;
-		goto out;
+		goto error;
 	}
-	if (new->from_type == RULE_UID)
+	switch (new->from_type) {
+	case RULE_UID:
 		new->f_uid = strtol(id, &p, 10);
-	if (new->from_type == RULE_GID)
+		break;
+	case RULE_GID:
 		new->f_gid = strtol(id, &p, 10);
+		break;
+	default:
+		__assert_unreachable();
+	}
 	if (*p != '\0') {
 		error = EINVAL;
-		goto out;
+		goto error;
 	}
-	if (*element == '\0') {
+	if (element == NULL || *element == '\0') {
 		error = EINVAL;
-		goto out;
+		goto error;
 	}
 	if (strcmp(element, "any") == 0 || strcmp(element, "*") == 0) {
 		new->to_type = RULE_ANY;
@@ -128,15 +134,17 @@ parse_rule_element(char *element, struct rule **rule)
 		new->t_uid = strtol(element, &p, 10);
 		if (*p != '\0') {
 			error = EINVAL;
-			goto out;
+			goto error;
 		}
 	}
-out:
-	if (error != 0) {
-		free(new, M_DO);
-		*rule = NULL;
-	} else
-		*rule = new;
+
+	MPASS(error == 0);
+	*rule = new;
+	return (0);
+error:
+	MPASS(error != 0);
+	free(new, M_DO);
+	*rule = NULL;
 	return (error);
 }