diff options
Diffstat (limited to 'security/smack')
-rw-r--r-- | security/smack/smack_lsm.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index f557767911c9..0d030b4513c8 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -675,8 +675,12 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name, | |||
675 | strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { | 675 | strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) { |
676 | if (!capable(CAP_MAC_ADMIN)) | 676 | if (!capable(CAP_MAC_ADMIN)) |
677 | rc = -EPERM; | 677 | rc = -EPERM; |
678 | /* a label cannot be void and cannot begin with '-' */ | 678 | /* |
679 | if (size == 0 || (size > 0 && ((char *)value)[0] == '-')) | 679 | * check label validity here so import wont fail on |
680 | * post_setxattr | ||
681 | */ | ||
682 | if (size == 0 || size >= SMK_LABELLEN || | ||
683 | smk_import(value, size) == NULL) | ||
680 | rc = -EINVAL; | 684 | rc = -EINVAL; |
681 | } else | 685 | } else |
682 | rc = cap_inode_setxattr(dentry, name, value, size, flags); | 686 | rc = cap_inode_setxattr(dentry, name, value, size, flags); |
@@ -713,9 +717,6 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, | |||
713 | if (strcmp(name, XATTR_NAME_SMACK)) | 717 | if (strcmp(name, XATTR_NAME_SMACK)) |
714 | return; | 718 | return; |
715 | 719 | ||
716 | if (size >= SMK_LABELLEN) | ||
717 | return; | ||
718 | |||
719 | isp = dentry->d_inode->i_security; | 720 | isp = dentry->d_inode->i_security; |
720 | 721 | ||
721 | /* | 722 | /* |