summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2009-04-18 18:37:50 (GMT)
committerLinus Torvalds <torvalds@linux-foundation.org>2009-04-18 18:37:50 (GMT)
commit62f2730a11b6fbd6ac274dcf1bc8251abe8d2205 (patch)
tree35ab44ec8f91c16a61dc8dc8ef34b2fcb6723828
parent4af94f39004a0d1a074e7573457e238a29557848 (diff)
parentdefc433ba3bc587826bb467ce0e63452deafa65d (diff)
downloadlinux-62f2730a11b6fbd6ac274dcf1bc8251abe8d2205.tar.xz
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: Smack: check for SMACK xattr validity in smack_inode_setxattr
-rw-r--r--security/smack/smack_lsm.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 9215149..98b3195 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -609,8 +609,12 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
if (!capable(CAP_MAC_ADMIN))
rc = -EPERM;
- /* a label cannot be void and cannot begin with '-' */
- if (size == 0 || (size > 0 && ((char *)value)[0] == '-'))
+ /*
+ * check label validity here so import wont fail on
+ * post_setxattr
+ */
+ if (size == 0 || size >= SMK_LABELLEN ||
+ smk_import(value, size) == NULL)
rc = -EINVAL;
} else
rc = cap_inode_setxattr(dentry, name, value, size, flags);
@@ -644,9 +648,6 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
if (strcmp(name, XATTR_NAME_SMACK))
return;
- if (size >= SMK_LABELLEN)
- return;
-
isp = dentry->d_inode->i_security;
/*