aboutsummaryrefslogtreecommitdiffstats
path: root/security/smack
diff options
context:
space:
mode:
Diffstat (limited to 'security/smack')
-rw-r--r--security/smack/smack_lsm.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index f557767911c9..0d030b4513c8 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -675,8 +675,12 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
675 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { 675 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
676 if (!capable(CAP_MAC_ADMIN)) 676 if (!capable(CAP_MAC_ADMIN))
677 rc = -EPERM; 677 rc = -EPERM;
678 /* a label cannot be void and cannot begin with '-' */ 678 /*
679 if (size == 0 || (size > 0 && ((char *)value)[0] == '-')) 679 * check label validity here so import wont fail on
680 * post_setxattr
681 */
682 if (size == 0 || size >= SMK_LABELLEN ||
683 smk_import(value, size) == NULL)
680 rc = -EINVAL; 684 rc = -EINVAL;
681 } else 685 } else
682 rc = cap_inode_setxattr(dentry, name, value, size, flags); 686 rc = cap_inode_setxattr(dentry, name, value, size, flags);
@@ -713,9 +717,6 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
713 if (strcmp(name, XATTR_NAME_SMACK)) 717 if (strcmp(name, XATTR_NAME_SMACK))
714 return; 718 return;
715 719
716 if (size >= SMK_LABELLEN)
717 return;
718
719 isp = dentry->d_inode->i_security; 720 isp = dentry->d_inode->i_security;
720 721
721 /* 722 /*