aboutsummaryrefslogtreecommitdiffstats
path: root/security/smack
diff options
context:
space:
mode:
Diffstat (limited to 'security/smack')
-rw-r--r--security/smack/smack_lsm.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 921514902eca..98b3195347ab 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -609,8 +609,12 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
609 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 609 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
610 if (!capable(CAP_MAC_ADMIN)) 610 if (!capable(CAP_MAC_ADMIN))
611 rc = -EPERM; 611 rc = -EPERM;
612 /* a label cannot be void and cannot begin with '-' */ 612 /*
613 if (size == 0 || (size > 0 && ((char *)value)[0] == '-')) 613 * check label validity here so import wont fail on
614 * post_setxattr
615 */
616 if (size == 0 || size >= SMK_LABELLEN ||
617 smk_import(value, size) == NULL)
614 rc = -EINVAL; 618 rc = -EINVAL;
615 } else 619 } else
616 rc = cap_inode_setxattr(dentry, name, value, size, flags); 620 rc = cap_inode_setxattr(dentry, name, value, size, flags);
@@ -644,9 +648,6 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
644 if (strcmp(name, XATTR_NAME_SMACK)) 648 if (strcmp(name, XATTR_NAME_SMACK))
645 return; 649 return;
646 650
647 if (size >= SMK_LABELLEN)
648 return;
649
650 isp = dentry->d_inode->i_security; 651 isp = dentry->d_inode->i_security;
651 652
652 /* 653 /*