summaryrefslogtreecommitdiffstats
path: root/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0035-Smack-handle-zero-length-security-labels-without-pan.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0035-Smack-handle-zero-length-security-labels-without-pan.patch')
-rw-r--r--meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0035-Smack-handle-zero-length-security-labels-without-pan.patch62
1 files changed, 62 insertions, 0 deletions
diff --git a/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0035-Smack-handle-zero-length-security-labels-without-pan.patch b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0035-Smack-handle-zero-length-security-labels-without-pan.patch
new file mode 100644
index 0000000..b22dbed
--- /dev/null
+++ b/meta-rcar-gen2/recipes-kernel/linux/linux-renesas/smack/0035-Smack-handle-zero-length-security-labels-without-pan.patch
@@ -0,0 +1,62 @@
+From 725aece63ff35520dbd369079dd2f6430f795a5f Mon Sep 17 00:00:00 2001
+From: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
+Date: Thu, 7 Aug 2014 20:52:43 +0400
+Subject: [PATCH 35/54] Smack: handle zero-length security labels without panic
+
+Zero-length security labels are invalid but kernel should handle them.
+
+This patch fixes kernel panic after setting zero-length security labels:
+# attr -S -s "SMACK64" -V "" file
+
+And after writing zero-length string into smackfs files syslog and onlycp:
+# python -c 'import os; os.write(1, "")' > /smack/syslog
+
+The problem is caused by brain-damaged logic in function smk_parse_smack()
+which takes pointer to buffer and its length but if length below or equal zero
+it thinks that the buffer is zero-terminated. Unfortunately callers of this
+function are widely used and proper fix requires serious refactoring.
+
+Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
+---
+ security/smack/smack_lsm.c | 2 +-
+ security/smack/smackfs.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
+index f72d17c..8d23c23 100644
+--- a/security/smack/smack_lsm.c
++++ b/security/smack/smack_lsm.c
+@@ -923,7 +923,7 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
+ rc = -EPERM;
+
+ if (rc == 0 && check_import) {
+- skp = smk_import_entry(value, size);
++ skp = size ? smk_import_entry(value, size) : NULL;
+ if (skp == NULL || (check_star &&
+ (skp == &smack_known_star || skp == &smack_known_web)))
+ rc = -EINVAL;
+diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
+index 32b2488..585bea0 100644
+--- a/security/smack/smackfs.c
++++ b/security/smack/smackfs.c
+@@ -1677,7 +1677,7 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
+ if (smack_onlycap != NULL && smack_onlycap != skp)
+ return -EPERM;
+
+- data = kzalloc(count, GFP_KERNEL);
++ data = kzalloc(count + 1, GFP_KERNEL);
+ if (data == NULL)
+ return -ENOMEM;
+
+@@ -2228,7 +2228,7 @@ static ssize_t smk_write_syslog(struct file *file, const char __user *buf,
+ if (!smack_privileged(CAP_MAC_ADMIN))
+ return -EPERM;
+
+- data = kzalloc(count, GFP_KERNEL);
++ data = kzalloc(count + 1, GFP_KERNEL);
+ if (data == NULL)
+ return -ENOMEM;
+
+--
+2.1.4
+