authorPaul Moore <pmoore@redhat.com>2014-08-01 11:17:03 -0400
committerPaul Moore <pmoore@redhat.com>2014-08-01 11:17:03 -0400
commit41c3bd2039e0d7b3dc32313141773f20716ec524 (patch)
treeb47057cfbaeded529570a91b39f14007594203fc /security
parent615e51fdda6f274e94b1e905fcaf6111e0d9aa20 (diff)
netlabel: fix a problem when setting bits below the previously lowest bit
The NetLabel category (catmap) functions have a problem in that they assume categories will be set in an increasing manner, e.g. the next category set will always be larger than the last. Unfortunately, this is not a valid assumption and could result in problems when attempting to set categories less than the startbit in the lowest catmap node. In some cases kernel panics and other nasties can result. This patch corrects the problem by checking for this and allocating a new catmap node instance and placing it at the front of the list. Cc: stable@vger.kernel.org Reported-by: Christian Evans <frodox@zoho.com> Signed-off-by: Paul Moore <pmoore@redhat.com> Tested-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security')
-rw-r--r--security/smack/smack_access.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 14293cd9b1e5..9ecf4f4b67a1 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -444,7 +444,7 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
444 for (m = 0x80; m != 0; m >>= 1, cat++) { 444 for (m = 0x80; m != 0; m >>= 1, cat++) {
445 if ((m & *cp) == 0) 445 if ((m & *cp) == 0)
446 continue; 446 continue;
447 rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat, 447 rc = netlbl_secattr_catmap_setbit(&sap->attr.mls.cat,
448 cat, GFP_ATOMIC); 448 cat, GFP_ATOMIC);
449 if (rc < 0) { 449 if (rc < 0) {
450 netlbl_secattr_catmap_free(sap->attr.mls.cat); 450 netlbl_secattr_catmap_free(sap->attr.mls.cat);
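Review bot: The error branch at line 450 frees `sap->attr.mls.cat`, but nothing visible in the hunk clears the field afterwards, so if the lines after 450 only return `rc`, the caller's `sap` keeps a pointer to freed catmap nodes. Since the call at 447 now passes `&sap->attr.mls.cat` and, per the commit message, may place a new node at the front of the list, this field is the only handle on the list head and is worth resetting on failure: add `sap->attr.mls.cat = NULL;` right after the free. A short comment at the call, such as `/* setbit may prepend a node and update the list head */`, would explain why the address is passed rather than the pointer. smk_netlbl_mls starts and ends outside this hunk, so the rest of the error path could not be checked.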