diff options
author | Etienne Basset <etienne.basset@numericable.fr> | 2009-04-16 17:58:42 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-04-17 22:58:25 -0400 |
commit | defc433ba3bc587826bb467ce0e63452deafa65d (patch) | |
tree | fb11744178f227598b1b26e1c6f24041261c3b98 /security/smack/smack_lsm.c | |
parent | aefe6475720bd5eb8aacbc881488f3aa65618562 (diff) |
Smack: check for SMACK xattr validity in smack_inode_setxattr
the following patch moves checks for SMACK xattr validity
from smack_inode_post_setxattr (which cannot return an error to the user)
to smack_inode_setxattr (which can return an error).
Signed-off-by: Etienne Basset <etienne.basset@numericable.fr>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/smack/smack_lsm.c')
-rw-r--r-- | security/smack/smack_lsm.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 921514902eca..98b3195347ab 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -609,8 +609,12 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name, | |||
609 | strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { | 609 | strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { |
610 | if (!capable(CAP_MAC_ADMIN)) | 610 | if (!capable(CAP_MAC_ADMIN)) |
611 | rc = -EPERM; | 611 | rc = -EPERM; |
612 | /* a label cannot be void and cannot begin with '-' */ | 612 | /* |
613 | if (size == 0 || (size > 0 && ((char *)value)[0] == '-')) | 613 | * check label validity here so import wont fail on |
614 | * post_setxattr | ||
615 | */ | ||
616 | if (size == 0 || size >= SMK_LABELLEN || | ||
617 | smk_import(value, size) == NULL) | ||
614 | rc = -EINVAL; | 618 | rc = -EINVAL; |
615 | } else | 619 | } else |
616 | rc = cap_inode_setxattr(dentry, name, value, size, flags); | 620 | rc = cap_inode_setxattr(dentry, name, value, size, flags); |
@@ -644,9 +648,6 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, | |||
644 | if (strcmp(name, XATTR_NAME_SMACK)) | 648 | if (strcmp(name, XATTR_NAME_SMACK)) |
645 | return; | 649 | return; |
646 | 650 | ||
647 | if (size >= SMK_LABELLEN) | ||
648 | return; | ||
649 | |||
650 | isp = dentry->d_inode->i_security; | 651 | isp = dentry->d_inode->i_security; |
651 | 652 | ||
652 | /* | 653 | /* |