diff options
Diffstat (limited to 'security/smack')
-rw-r--r-- | security/smack/smack_lsm.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 921514902eca..98b3195347ab 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -609,8 +609,12 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name, | |||
609 | strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { | 609 | strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { |
610 | if (!capable(CAP_MAC_ADMIN)) | 610 | if (!capable(CAP_MAC_ADMIN)) |
611 | rc = -EPERM; | 611 | rc = -EPERM; |
612 | /* a label cannot be void and cannot begin with '-' */ | 612 | /* |
613 | if (size == 0 || (size > 0 && ((char *)value)[0] == '-')) | 613 | * check label validity here so import wont fail on |
614 | * post_setxattr | ||
615 | */ | ||
616 | if (size == 0 || size >= SMK_LABELLEN || | ||
617 | smk_import(value, size) == NULL) | ||
614 | rc = -EINVAL; | 618 | rc = -EINVAL; |
615 | } else | 619 | } else |
616 | rc = cap_inode_setxattr(dentry, name, value, size, flags); | 620 | rc = cap_inode_setxattr(dentry, name, value, size, flags); |
@@ -644,9 +648,6 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, | |||
644 | if (strcmp(name, XATTR_NAME_SMACK)) | 648 | if (strcmp(name, XATTR_NAME_SMACK)) |
645 | return; | 649 | return; |
646 | 650 | ||
647 | if (size >= SMK_LABELLEN) | ||
648 | return; | ||
649 | |||
650 | isp = dentry->d_inode->i_security; | 651 | isp = dentry->d_inode->i_security; |
651 | 652 | ||
652 | /* | 653 | /* |