summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorJames Morris <james.l.morris@oracle.com>2014-11-26 14:35:32 +0100
committerJames Morris <james.l.morris@oracle.com>2014-11-26 14:35:32 +0100
commitac14ae25b676d721b6bfcfb046dc53a9f7760d83 (patch)
tree71d0cd79a23bbd744effe37441be2c328399a4e6 /security
parentMerge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/li... (diff)
parentsecurity: smack: fix out-of-bounds access in smk_parse_smack() (diff)
downloadlinux-ac14ae25b676d721b6bfcfb046dc53a9f7760d83.tar.xz
linux-ac14ae25b676d721b6bfcfb046dc53a9f7760d83.zip
Merge branch 'smack-for-3.19' of git://git.gitorious.org/smack-next/kernel into next
Diffstat (limited to 'security')
-rw-r--r--security/smack/smack_access.c17
-rw-r--r--security/smack/smack_lsm.c13
2 files changed, 18 insertions, 12 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 5b970ffde024..1158430f5bb9 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -142,8 +142,7 @@ int smk_access(struct smack_known *subject, struct smack_known *object,
* Tasks cannot be assigned the internet label.
* An internet subject can access any object.
*/
- if (object == &smack_known_web ||
- subject == &smack_known_web)
+ if (object == &smack_known_web || subject == &smack_known_web)
goto out_audit;
/*
* A star object can be accessed by any subject.
@@ -157,10 +156,11 @@ int smk_access(struct smack_known *subject, struct smack_known *object,
if (subject->smk_known == object->smk_known)
goto out_audit;
/*
- * A hat subject can read any object.
- * A floor object can be read by any subject.
+ * A hat subject can read or lock any object.
+ * A floor object can be read or locked by any subject.
*/
- if ((request & MAY_ANYREAD) == request) {
+ if ((request & MAY_ANYREAD) == request ||
+ (request & MAY_LOCK) == request) {
if (object == &smack_known_floor)
goto out_audit;
if (subject == &smack_known_hat)
@@ -452,10 +452,9 @@ char *smk_parse_smack(const char *string, int len)
return NULL;
smack = kzalloc(i + 1, GFP_KERNEL);
- if (smack != NULL) {
- strncpy(smack, string, i + 1);
- smack[i] = '\0';
- }
+ if (smack != NULL)
+ strncpy(smack, string, i);
+
return smack;
}
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 93dc876734a4..2717cdd7872c 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -53,6 +53,7 @@
#define SMK_SENDING 2
LIST_HEAD(smk_ipv6_port_list);
+static struct kmem_cache *smack_inode_cache;
#ifdef CONFIG_SECURITY_SMACK_BRINGUP
static void smk_bu_mode(int mode, char *s)
@@ -240,7 +241,7 @@ struct inode_smack *new_inode_smack(struct smack_known *skp)
{
struct inode_smack *isp;
- isp = kzalloc(sizeof(struct inode_smack), GFP_NOFS);
+ isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
if (isp == NULL)
return NULL;
@@ -767,7 +768,7 @@ static int smack_inode_alloc_security(struct inode *inode)
*/
static void smack_inode_free_security(struct inode *inode)
{
- kfree(inode->i_security);
+ kmem_cache_free(smack_inode_cache, inode->i_security);
inode->i_security = NULL;
}
@@ -4265,10 +4266,16 @@ static __init int smack_init(void)
if (!security_module_enable(&smack_ops))
return 0;
+ smack_inode_cache = KMEM_CACHE(inode_smack, 0);
+ if (!smack_inode_cache)
+ return -ENOMEM;
+
tsp = new_task_smack(&smack_known_floor, &smack_known_floor,
GFP_KERNEL);
- if (tsp == NULL)
+ if (tsp == NULL) {
+ kmem_cache_destroy(smack_inode_cache);
return -ENOMEM;
+ }
printk(KERN_INFO "Smack: Initializing.\n");