Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem bugfixes from James Morris. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: selinux: fix selinux_inode_setxattr oops KEYS: linux/key-type.h needs linux/errno.h smack: off by one error
This commit is contained in:
commit
172f993a29
|
@ -13,6 +13,7 @@
|
||||||
#define _LINUX_KEY_TYPE_H
|
#define _LINUX_KEY_TYPE_H
|
||||||
|
|
||||||
#include <linux/key.h>
|
#include <linux/key.h>
|
||||||
|
#include <linux/errno.h>
|
||||||
|
|
||||||
#ifdef CONFIG_KEYS
|
#ifdef CONFIG_KEYS
|
||||||
|
|
||||||
|
|
|
@ -2791,11 +2791,16 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
|
||||||
|
|
||||||
/* We strip a nul only if it is at the end, otherwise the
|
/* We strip a nul only if it is at the end, otherwise the
|
||||||
* context contains a nul and we should audit that */
|
* context contains a nul and we should audit that */
|
||||||
|
if (value) {
|
||||||
str = value;
|
str = value;
|
||||||
if (str[size - 1] == '\0')
|
if (str[size - 1] == '\0')
|
||||||
audit_size = size - 1;
|
audit_size = size - 1;
|
||||||
else
|
else
|
||||||
audit_size = size;
|
audit_size = size;
|
||||||
|
} else {
|
||||||
|
str = "";
|
||||||
|
audit_size = 0;
|
||||||
|
}
|
||||||
ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
|
ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
|
||||||
audit_log_format(ab, "op=setxattr invalid_context=");
|
audit_log_format(ab, "op=setxattr invalid_context=");
|
||||||
audit_log_n_untrustedstring(ab, value, audit_size);
|
audit_log_n_untrustedstring(ab, value, audit_size);
|
||||||
|
|
|
@ -323,11 +323,11 @@ static int smk_parse_long_rule(const char *data, struct smack_rule *rule,
|
||||||
int datalen;
|
int datalen;
|
||||||
int rc = -1;
|
int rc = -1;
|
||||||
|
|
||||||
/*
|
/* This is inefficient */
|
||||||
* This is probably inefficient, but safe.
|
|
||||||
*/
|
|
||||||
datalen = strlen(data);
|
datalen = strlen(data);
|
||||||
subject = kzalloc(datalen, GFP_KERNEL);
|
|
||||||
|
/* Our first element can be 64 + \0 with no spaces */
|
||||||
|
subject = kzalloc(datalen + 1, GFP_KERNEL);
|
||||||
if (subject == NULL)
|
if (subject == NULL)
|
||||||
return -1;
|
return -1;
|
||||||
object = kzalloc(datalen, GFP_KERNEL);
|
object = kzalloc(datalen, GFP_KERNEL);
|
||||||
|
|
Loading…
Reference in New Issue