summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorPaul Moore <pmoore@redhat.com>2014-08-01 17:17:03 +0200
committerPaul Moore <pmoore@redhat.com>2014-08-01 17:17:03 +0200
commit41c3bd2039e0d7b3dc32313141773f20716ec524 (patch)
treeb47057cfbaeded529570a91b39f14007594203fc /security
parentselinux: reduce the number of calls to synchronize_net() when flushing caches (diff)
downloadlinux-41c3bd2039e0d7b3dc32313141773f20716ec524.tar.xz
linux-41c3bd2039e0d7b3dc32313141773f20716ec524.zip
netlabel: fix a problem when setting bits below the previously lowest bit
The NetLabel category (catmap) functions have a problem in that they assume categories will be set in an increasing manner, e.g. the next category set will always be larger than the last. Unfortunately, this is not a valid assumption and could result in problems when attempting to set categories less than the startbit in the lowest catmap node. In some cases kernel panics and other nasties can result. This patch corrects the problem by checking for this and allocating a new catmap node instance and placing it at the front of the list. Cc: stable@vger.kernel.org Reported-by: Christian Evans <frodox@zoho.com> Signed-off-by: Paul Moore <pmoore@redhat.com> Tested-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security')
-rw-r--r--security/smack/smack_access.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 14293cd9b1e5..9ecf4f4b67a1 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -444,7 +444,7 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap,
for (m = 0x80; m != 0; m >>= 1, cat++) {
if ((m & *cp) == 0)
continue;
- rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat,
+ rc = netlbl_secattr_catmap_setbit(&sap->attr.mls.cat,
cat, GFP_ATOMIC);
if (rc < 0) {
netlbl_secattr_catmap_free(sap->attr.mls.cat);