summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorPaul Moore <pmoore@redhat.com>2014-08-01 11:17:03 -0400
committerBen Hutchings <ben@decadent.org.uk>2014-09-13 23:41:42 +0100
commit33401ce96ad0b9ba39a5aff56ef25c63859f347d (patch)
tree6fcba6a98bfebe787192cf0723e3bba302bcfc04 /security
parent908964e5d5b6dd6cfaee838e1bdad0b8f62c7583 (diff)
netlabel: fix a problem when setting bits below the previously lowest bit
commit 41c3bd2039e0d7b3dc32313141773f20716ec524 upstream. The NetLabel category (catmap) functions have a problem in that they assume categories will be set in an increasing manner, e.g. the next category set will always be larger than the last. Unfortunately, this is not a valid assumption and could result in problems when attempting to set categories less than the startbit in the lowest catmap node. In some cases kernel panics and other nasties can result. This patch corrects the problem by checking for this and allocating a new catmap node instance and placing it at the front of the list. Reported-by: Christian Evans <frodox@zoho.com> Signed-off-by: Paul Moore <pmoore@redhat.com> Tested-by: Casey Schaufler <casey@schaufler-ca.com> [bwh: Backported to 3.2: adjust filename for SMACK] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'security')
-rw-r--r--security/smack/smack_lsm.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 7db62b48eb42..e3adb49c9c37 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1842,7 +1842,7 @@ static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap)
for (m = 0x80; m != 0; m >>= 1, cat++) {
if ((m & *cp) == 0)
continue;
- rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat,
+ rc = netlbl_secattr_catmap_setbit(&sap->attr.mls.cat,
cat, GFP_ATOMIC);
}
}