leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Smack fixes for 5.9

Browse Source 
-----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCAA1FiEEC+9tH1YyUwIQzUIeOKUVfIxDyBEFAl8pmVMXHGNhc2V5QHNj
 aGF1Zmxlci1jYS5jb20ACgkQOKUVfIxDyBE4tA/7BvMGZjrGVu7F8oOJGam6xiQ+
 iVczarvuH9HUfIWWKytgAZXaNf8/lQvpTGYjJFdLGVaLVfB4CSrrrdOGlfvZGpZ/
 5CXeSMAAUOAmYnqjSXFuLqp0NJEEwBg0L7/YWGbp/fq7t8WcY73esDRpVw/R78fV
 rOSMq+qt+IKRERUZWHa3gY7/FDA1/KnEkXjcMViM9PN3Gi5u2Fw6IMVWugPYJYrh
 86jlrDxYV3ceqDpoiHGyulMcBk/f/GppjIWz4ihZ0YShn+ZgAXsnJGjEhGxsoSXb
 CdG0O0y/m6y/+ekyovhvL8+AymfVWbK3qzE8IxWp8Xbrd882naur0c0vTG6y2eF7
 Z2HnI3ivusNrKTkXQnzC86YJ0T96Pg9OCab5poSIsWK5bM542dKZ/7KoSDfzIfBH
 uPhTY2PyRSiUiCWpt7esHtp4mYwCGqUs2j80TZDb8ptAZbYKxzC0pFIDoFeEyOM4
 FDBXjH8Bo+eEG9V8OgGeVvluYaat+C00dba9fiOT7/Tm0F9KqOJEOO9uJPV9CuJN
 +jrL90mopy8T0bygqMjp+GB5V13IGL5+NDHZcnO3Ij5jI/7q0TQ6FlFZ4tg4o4yM
 Y7FyMF+ybUlRod0ayYgurtxn91c0E/PTOPSqtL/RKtRLbLdGrOM3Rfbxn9rREONY
 h1/RmmX5jSBQOKNq9/Y=
 =ZoLN
 -----END PGP SIGNATURE-----

Merge tag 'Smack-for-5.9' of git://github.com/cschaufler/smack-next

Pull smack updates from Casey Schaufler:
 "Minor fixes to Smack for the v5.9 release.

  All were found by automated checkers and have straightforward
  resolution"

* tag 'Smack-for-5.9' of git://github.com/cschaufler/smack-next:
  Smack: prevent underflow in smk_set_cipso()
  Smack: fix another vsscanf out of bounds
  Smack: fix use-after-free in smk_write_relabel_self()
This commit is contained in:
Linus Torvalds 2020-08-06 11:02:23 -07:00
commit bfdd5aaa54
1 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
security/smack/smackfs.c
View File

@ -884,7 +884,7 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
}
ret = sscanf(rule, "%d", &maplevel);
if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL)
if (ret != 1 || maplevel < 0 || maplevel > SMACK_CIPSO_MAXLEVEL)
goto out;
rule += SMK_DIGITLEN;
@ -905,6 +905,10 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
for (i = 0; i < catlen; i++) {
rule += SMK_DIGITLEN;
if (rule > data + count) {
rc = -EOVERFLOW;
goto out;
}
ret = sscanf(rule, "%u", &cat);
if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM)
goto out;
@ -2720,7 +2724,6 @@ static int smk_open_relabel_self(struct inode *inode, struct file *file)
static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
{
struct task_smack *tsp = smack_cred(current_cred());
char *data;
int rc;
LIST_HEAD(list_tmp);
@ -2745,11 +2748,21 @@ static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf,
kfree(data);
if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
struct cred *new;
struct task_smack *tsp;
new = prepare_creds();
if (!new) {
rc = -ENOMEM;
goto out;
}
tsp = smack_cred(new);
smk_destroy_label_list(&tsp->smk_relabel);
list_splice(&list_tmp, &tsp->smk_relabel);
commit_creds(new);
return count;
}
out:
smk_destroy_label_list(&list_tmp);
return rc;
}