diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2009-04-18 18:37:50 (GMT) |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-04-18 18:37:50 (GMT) |
commit | 62f2730a11b6fbd6ac274dcf1bc8251abe8d2205 (patch) | |
tree | 35ab44ec8f91c16a61dc8dc8ef34b2fcb6723828 | |
parent | 4af94f39004a0d1a074e7573457e238a29557848 (diff) | |
parent | defc433ba3bc587826bb467ce0e63452deafa65d (diff) | |
download | linux-62f2730a11b6fbd6ac274dcf1bc8251abe8d2205.tar.xz |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
Smack: check for SMACK xattr validity in smack_inode_setxattr
-rw-r--r-- | security/smack/smack_lsm.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 9215149..98b3195 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -609,8 +609,12 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name, strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { if (!capable(CAP_MAC_ADMIN)) rc = -EPERM; - /* a label cannot be void and cannot begin with '-' */ - if (size == 0 || (size > 0 && ((char *)value)[0] == '-')) + /* + * check label validity here so import wont fail on + * post_setxattr + */ + if (size == 0 || size >= SMK_LABELLEN || + smk_import(value, size) == NULL) rc = -EINVAL; } else rc = cap_inode_setxattr(dentry, name, value, size, flags); @@ -644,9 +648,6 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, if (strcmp(name, XATTR_NAME_SMACK)) return; - if (size >= SMK_LABELLEN) - return; - isp = dentry->d_inode->i_security; /* |