Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
Smack: check for SMACK xattr validity in smack_inode_setxattr
+6
-5
security/smack/smack_lsm.c
+6
-5
security/smack/smack_lsm.c
···
609
strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
610
if (!capable(CAP_MAC_ADMIN))
611
rc = -EPERM;
612
-
/* a label cannot be void and cannot begin with '-' */
613
-
if (size == 0 || (size > 0 && ((char *)value)[0] == '-'))
614
rc = -EINVAL;
615
} else
616
rc = cap_inode_setxattr(dentry, name, value, size, flags);
···
646
* Not SMACK
647
*/
648
if (strcmp(name, XATTR_NAME_SMACK))
649
-
return;
650
-
651
-
if (size >= SMK_LABELLEN)
652
return;
653
654
isp = dentry->d_inode->i_security;
···
609
strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
610
if (!capable(CAP_MAC_ADMIN))
611
rc = -EPERM;
612
+
/*
613
+
* check label validity here so import wont fail on
614
+
* post_setxattr
615
+
*/
616
+
if (size == 0 || size >= SMK_LABELLEN ||
617
+
smk_import(value, size) == NULL)
618
rc = -EINVAL;
619
} else
620
rc = cap_inode_setxattr(dentry, name, value, size, flags);
···
642
* Not SMACK
643
*/
644
if (strcmp(name, XATTR_NAME_SMACK))
645
return;
646
647
isp = dentry->d_inode->i_security;