author | Paul Moore <pmoore@redhat.com> | 2014-08-01 11:17:03 -0400 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2014-09-13 23:41:42 +0100 |
commit | 33401ce96ad0b9ba39a5aff56ef25c63859f347d (patch) | |
tree | 6fcba6a98bfebe787192cf0723e3bba302bcfc04 /include | |
parent | 908964e5d5b6dd6cfaee838e1bdad0b8f62c7583 (diff) |
netlabel: fix a problem when setting bits below the previously lowest bit
commit 41c3bd2039e0d7b3dc32313141773f20716ec524 upstream.
The NetLabel category (catmap) functions have a problem in that they
assume categories will be set in an increasing manner, e.g. the next
category set will always be larger than the last. Unfortunately, this
is not a valid assumption and could result in problems when attempting
to set categories less than the startbit in the lowest catmap node.
In some cases kernel panics and other nasties can result.
This patch corrects the problem by checking for this and allocating a
new catmap node instance and placing it at the front of the list.
Reported-by: Christian Evans <frodox@zoho.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Tested-by: Casey Schaufler <casey@schaufler-ca.com>
[bwh: Backported to 3.2: adjust filename for SMACK]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
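The commit message above describes setting a bit below the lowest node's startbit by putting a new node at the front of the list. The following is an added example, not the kernel's code or part of this commit: a simplified model of a sorted bitmap list that shows why the setter needs the address of the caller's head pointer. The names `catmap_node`, `catmap_setbit`, `catmap_testbit` and the 64-bit node size are assumptions, and the insert is generalized to any position in sorted order rather than only the front.

```c
#include <stdint.h>
#include <stdlib.h>

#define NODE_BITS 64u  /* constructed node size, not the kernel's */

/* Simplified stand-in for a catmap node: one 64-bit word per node,
 * nodes kept sorted by ascending startbit. */
struct catmap_node {
    uint32_t startbit;
    uint64_t bitmap;
    struct catmap_node *next;
};

/* Set `bit`, allocating a node if none covers it. The caller passes the
 * address of its head pointer so that a node for a lower range can become
 * the new head. Returns 0 on success, -1 on allocation failure. */
int catmap_setbit(struct catmap_node **head, uint32_t bit)
{
    uint32_t start = bit - (bit % NODE_BITS);
    struct catmap_node **link = head;

    /* Walk to the first node whose range is not below the target range. */
    while (*link != NULL && (*link)->startbit < start)
        link = &(*link)->next;

    if (*link == NULL || (*link)->startbit != start) {
        struct catmap_node *node = calloc(1, sizeof(*node));
        if (node == NULL)
            return -1;
        node->startbit = start;
        node->next = *link;   /* may be the old head */
        *link = node;         /* may overwrite the caller's head pointer */
    }
    (*link)->bitmap |= (uint64_t)1 << (bit - start);
    return 0;
}

/* Return 1 if `bit` is set in the list, 0 otherwise. */
int catmap_testbit(const struct catmap_node *head, uint32_t bit)
{
    for (; head != NULL; head = head->next)
        if (bit >= head->startbit && bit - head->startbit < NODE_BITS)
            return (int)((head->bitmap >> (bit - head->startbit)) & 1u);
    return 0;
}
```

With a single-pointer signature the setter could not change which node the caller regards as the head, so a node created for a lower range would be unreachable from the caller's pointer.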
Diffstat (limited to 'include')
-rw-r--r-- | include/net/netlabel.h | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h index f67440970d7e..c8ba2e29018a 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h @@ -395,10 +395,10 @@ int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap, u32 offset); int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap, u32 offset); -int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap *catmap, +int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap **catmap, u32 bit, gfp_t flags); -int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap, +int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap **catmap, u32 start, u32 end, gfp_t flags); @@ -506,14 +506,14 @@ static inline int netlbl_secattr_catmap_walk_rng( return -ENOENT; } static inline int netlbl_secattr_catmap_setbit( - struct netlbl_lsm_secattr_catmap *catmap, + struct netlbl_lsm_secattr_catmap **catmap, u32 bit, gfp_t flags) { return 0; } static inline int netlbl_secattr_catmap_setrng( - struct netlbl_lsm_secattr_catmap *catmap, + struct netlbl_lsm_secattr_catmap **catmap, u32 start, u32 end, gfp_t flags) |
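Review bot: In the @@ -395,10 hunk, the prototypes of netlbl_secattr_catmap_setbit() and netlbl_secattr_catmap_setrng() now take **catmap, but nothing at the declarations documents that the callee may replace *catmap with a newly allocated head node, which is the behaviour the commit message describes. Add a comment at the prototypes stating that the caller must pass the address of the pointer it keeps and must not hold a copy of the old head across the call. The diffstat here is limited to include/, so the definitions and callers that have to change in step are not visible; each call site should be checked to pass the address of its stored pointer rather than a cast.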
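Review bot: In the @@ -506,14 hunk, the static inline stub for netlbl_secattr_catmap_setbit() takes **catmap and still does return 0 without ever writing *catmap, so a caller that treats 0 as success and then reads *catmap gets back whatever it passed in, possibly NULL. Either have the stub return an error, as the netlbl_secattr_catmap_walk_rng() stub just above does with -ENOENT, or add a comment that callers must not rely on *catmap being populated after a successful return. The body of the setrng stub is cut off at the end of the hunk, so the same check should be applied there.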