diff options
author | Paul Moore <pmoore@redhat.com> | 2014-08-01 17:17:03 +0200 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2014-08-01 17:17:03 +0200 |
commit | 41c3bd2039e0d7b3dc32313141773f20716ec524 (patch) | |
tree | b47057cfbaeded529570a91b39f14007594203fc /security | |
parent | selinux: reduce the number of calls to synchronize_net() when flushing caches (diff) | |
download | linux-41c3bd2039e0d7b3dc32313141773f20716ec524.tar.xz linux-41c3bd2039e0d7b3dc32313141773f20716ec524.zip |
netlabel: fix a problem when setting bits below the previously lowest bit
The NetLabel category (catmap) functions have a problem in that they
assume categories will be set in an increasing manner, e.g. the next
category set will always be larger than the last. Unfortunately, this
is not a valid assumption and could result in problems when attempting
to set categories less than the startbit in the lowest catmap node.
In some cases kernel panics and other nasties can result.
This patch corrects the problem by checking for this and allocating a
new catmap node instance and placing it at the front of the list.
Cc: stable@vger.kernel.org
Reported-by: Christian Evans <frodox@zoho.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Tested-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/smack/smack_access.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 14293cd9b1e5..9ecf4f4b67a1 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -444,7 +444,7 @@ int smk_netlbl_mls(int level, char *catset, struct netlbl_lsm_secattr *sap, for (m = 0x80; m != 0; m >>= 1, cat++) { if ((m & *cp) == 0) continue; - rc = netlbl_secattr_catmap_setbit(sap->attr.mls.cat, + rc = netlbl_secattr_catmap_setbit(&sap->attr.mls.cat, cat, GFP_ATOMIC); if (rc < 0) { netlbl_secattr_catmap_free(sap->attr.mls.cat); |