diff options
author | Ahmed S. Darwish <darwish.07@gmail.com> | 2008-03-13 15:32:34 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-03-13 16:11:43 -0400 |
commit | b500ce8d24d1f14426643da5f6fada28c1f60533 (patch) | |
tree | 17b6084b29434a968f787e238548a843126e2ec3 /security/smack/smack.h | |
parent | 93d74463d018ddf05c169ad399e62e90e0f82fc0 (diff) |
smackfs: do not trust `count' in inodes write()s
Smackfs write() implementation does not put a higher bound on the number of
bytes to copy from user-space. This may lead to a DOS attack if a malicious
`count' field is given.
Assure that given `count' is exactly the length needed for a /smack/load rule.
In case of /smack/cipso where the length is relative, assure that `count'
does not exceed the size needed for a buffer representing maximum possible
number of CIPSO 2.2 categories.
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/smack/smack.h')
-rw-r--r-- | security/smack/smack.h | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index a21a0e907ab3..62c1e982849d 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h | |||
@@ -26,14 +26,6 @@ | |||
26 | #define SMK_MAXLEN 23 | 26 | #define SMK_MAXLEN 23 |
27 | #define SMK_LABELLEN (SMK_MAXLEN+1) | 27 | #define SMK_LABELLEN (SMK_MAXLEN+1) |
28 | 28 | ||
29 | /* | ||
30 | * How many kinds of access are there? | ||
31 | * Here's your answer. | ||
32 | */ | ||
33 | #define SMK_ACCESSDASH '-' | ||
34 | #define SMK_ACCESSLOW "rwxa" | ||
35 | #define SMK_ACCESSKINDS (sizeof(SMK_ACCESSLOW) - 1) | ||
36 | |||
37 | struct superblock_smack { | 29 | struct superblock_smack { |
38 | char *smk_root; | 30 | char *smk_root; |
39 | char *smk_floor; | 31 | char *smk_floor; |