diff options
| author |   Linus Torvalds <torvalds@linux-foundation.org> | 2009-04-18 11:37:50 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-04-18 11:37:50 -0700 |
| commit | 62f2730a11b6fbd6ac274dcf1bc8251abe8d2205 (patch) | |
| tree | 35ab44ec8f91c16a61dc8dc8ef34b2fcb6723828 | |
| parent | doc: fix kernel-parameters.txt mistaken deletions (diff) | |
| parent | Smack: check for SMACK xattr validity in smack_inode_setxattr (diff) | |
| download | linux-dev-62f2730a11b6fbd6ac274dcf1bc8251abe8d2205.tar.xz linux-dev-62f2730a11b6fbd6ac274dcf1bc8251abe8d2205.zip | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
Smack: check for SMACK xattr validity in smack_inode_setxattr
| -rw-r--r-- | security/smack/smack_lsm.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 921514902eca..98b3195347ab 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -609,8 +609,12 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name, strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { if (!capable(CAP_MAC_ADMIN)) rc = -EPERM; - /* a label cannot be void and cannot begin with '-' */ - if (size == 0 || (size > 0 && ((char *)value)[0] == '-')) + /* + * check label validity here so import wont fail on + * post_setxattr + */ + if (size == 0 || size >= SMK_LABELLEN || + smk_import(value, size) == NULL) rc = -EINVAL; } else rc = cap_inode_setxattr(dentry, name, value, size, flags); @@ -644,9 +648,6 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, if (strcmp(name, XATTR_NAME_SMACK)) return; - if (size >= SMK_LABELLEN) - return; - isp = dentry->d_inode->i_security; /* |