Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
Smack: check for SMACK xattr validity in smack_inode_setxattr
the following patch moves checks for SMACK xattr validity
from smack_inode_post_setxattr (which cannot return an error to the user)
to smack_inode_setxattr (which can return an error).
Signed-off-by: Etienne Basset <etienne.basset@numericable.fr>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <jmorris@namei.org>
authored by Etienne Basset and committed by James Morris defc433b aefe6475
+6
-5
security/smack/smack_lsm.c
+6
-5
security/smack/smack_lsm.c
···
609
609
strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
610
610
if (!capable(CAP_MAC_ADMIN))
611
611
rc = -EPERM;
612
-
/* a label cannot be void and cannot begin with '-' */
613
-
if (size == 0 || (size > 0 && ((char *)value)[0] == '-'))
612
+
/*
613
+
* check label validity here so import wont fail on
614
+
* post_setxattr
615
+
*/
616
+
if (size == 0 || size >= SMK_LABELLEN ||
617
+
smk_import(value, size) == NULL)
614
618
rc = -EINVAL;
615
619
} else
616
620
rc = cap_inode_setxattr(dentry, name, value, size, flags);
···
646
642
* Not SMACK
647
643
*/
648
644
if (strcmp(name, XATTR_NAME_SMACK))
649
-
return;
650
-
651
-
if (size >= SMK_LABELLEN)
652
645
return;
653
646
654
647
isp = dentry->d_inode->i_security;