aboutsummaryrefslogtreecommitdiffstats
path: root/security/smack/smack_lsm.c
diff options
context:
space:
mode:
authorEtienne Basset <etienne.basset@numericable.fr>2009-04-16 17:58:42 -0400
committerJames Morris <jmorris@namei.org>2009-04-17 22:58:25 -0400
commitdefc433ba3bc587826bb467ce0e63452deafa65d (patch)
treefb11744178f227598b1b26e1c6f24041261c3b98 /security/smack/smack_lsm.c
parentaefe6475720bd5eb8aacbc881488f3aa65618562 (diff)
Smack: check for SMACK xattr validity in smack_inode_setxattr
the following patch moves checks for SMACK xattr validity from smack_inode_post_setxattr (which cannot return an error to the user) to smack_inode_setxattr (which can return an error). Signed-off-by: Etienne Basset <etienne.basset@numericable.fr> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/smack/smack_lsm.c')
-rw-r--r--security/smack/smack_lsm.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 921514902eca..98b3195347ab 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -609,8 +609,12 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
609 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 609 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
610 if (!capable(CAP_MAC_ADMIN)) 610 if (!capable(CAP_MAC_ADMIN))
611 rc = -EPERM; 611 rc = -EPERM;
612 /* a label cannot be void and cannot begin with '-' */ 612 /*
613 if (size == 0 || (size > 0 && ((char *)value)[0] == '-')) 613 * check label validity here so import wont fail on
614 * post_setxattr
615 */
616 if (size == 0 || size >= SMK_LABELLEN ||
617 smk_import(value, size) == NULL)
614 rc = -EINVAL; 618 rc = -EINVAL;
615 } else 619 } else
616 rc = cap_inode_setxattr(dentry, name, value, size, flags); 620 rc = cap_inode_setxattr(dentry, name, value, size, flags);
@@ -644,9 +648,6 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
644 if (strcmp(name, XATTR_NAME_SMACK)) 648 if (strcmp(name, XATTR_NAME_SMACK))
645 return; 649 return;
646 650
647 if (size >= SMK_LABELLEN)
648 return;
649
650 isp = dentry->d_inode->i_security; 651 isp = dentry->d_inode->i_security;
651 652
652 /* 653 /*