iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Smack updates for v5.12.

Browse Source 
Bounds checking for writes to smackfs interfaces.
 -----BEGIN PGP SIGNATURE-----
 
 iQJLBAABCAA1FiEEC+9tH1YyUwIQzUIeOKUVfIxDyBEFAmAsOFwXHGNhc2V5QHNj
 aGF1Zmxlci1jYS5jb20ACgkQOKUVfIxDyBFMKA/9H0eX7y8Np7QErAjVg4rfTkFW
 nJJ6EzBCvmPsYoqNZsb+jWmnCo8k4LmRn3BXSsr4fiI/OwdoBHHuF9ZPl/sHOx+v
 eZZr7+WCJCKv/xdROtz0gVRFs3vbng4cGuhX/vDzqiVtbZ0w1Uh0G1Dpe0XDsGdU
 SL4fh9x8UQwGsTdsCfUAKMhiUxHX1qupsVeH3DC20KSc3wVoddeZTi9GkU6bOXAM
 jxa+w1RwYewpchKeGAjErJ2sNz/yQ7Na6MlejNLgG9QQM9uraY+VoffyInDTcOy8
 yJsYikk6HElVdU8UGWk6ZKcDFd7PlLw2b0FJfx9ICHmvNzZbWHJwPVr8zFCq1SLe
 ydX31IKz6zTsKWxRYUNvLFn4LlT+Okg8u0r/apc/Yn7Cxy8OfElwA5s0K8NURIBs
 cG4li4MiRi1v8JkwQZBN8mhyEV8JF98Wdm6hXqvTITYt4sz4XmVc8c15o/7cOEWo
 zeF5i/HDy9aZRQt4z1y1NKVRx7CQylgJ5INeLebMtVuWILjsO/VIj/bsBcO+LQ4/
 jjnkLJLOQ49TryisgDNY8M+vgCODo6GeFFCjhBQQ7+i4LNedrkhZqOJKsPKOSV8s
 RR6rvrotWDIjKrzmraP3rSLv/HsgKEymo42K+hQlOmN9nbZtSahr7JxanamC5avw
 HIAt0QGJ1XqtprniOyk=
 =Ft+S
 -----END PGP SIGNATURE-----

Merge tag 'Smack-for-v5.12' of git://github.com/cschaufler/smack-next

Pull smack updates from Casey Schaufler:
 "Bounds checking for writes to smackfs interfaces"

* tag 'Smack-for-v5.12' of git://github.com/cschaufler/smack-next:
  smackfs: restrict bytes count in smackfs write functions
This commit is contained in:
Linus Torvalds 2021-02-21 17:11:07 -08:00
commit 92ae63c07b
1 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
security/smack/smackfs.c
View File

@ -1167,7 +1167,7 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf,
return -EPERM;
if (*ppos != 0)
return -EINVAL;
if (count < SMK_NETLBLADDRMIN)
if (count < SMK_NETLBLADDRMIN || count > PAGE_SIZE - 1)
return -EINVAL;
data = memdup_user_nul(buf, count);
@ -1427,7 +1427,7 @@ static ssize_t smk_write_net6addr(struct file *file, const char __user *buf,
return -EPERM;
if (*ppos != 0)
return -EINVAL;
if (count < SMK_NETLBLADDRMIN)
if (count < SMK_NETLBLADDRMIN || count > PAGE_SIZE - 1)
return -EINVAL;
data = memdup_user_nul(buf, count);
@ -1834,6 +1834,10 @@ static ssize_t smk_write_ambient(struct file *file, const char __user *buf,
if (!smack_privileged(CAP_MAC_ADMIN))
return -EPERM;
/* Enough data must be present */
if (count == 0 || count > PAGE_SIZE)
return -EINVAL;
data = memdup_user_nul(buf, count);
if (IS_ERR(data))
return PTR_ERR(data);
@ -2005,6 +2009,9 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf,
if (!smack_privileged(CAP_MAC_ADMIN))
return -EPERM;
if (count > PAGE_SIZE)
return -EINVAL;
data = memdup_user_nul(buf, count);
if (IS_ERR(data))
return PTR_ERR(data);
@ -2092,6 +2099,9 @@ static ssize_t smk_write_unconfined(struct file *file, const char __user *buf,
if (!smack_privileged(CAP_MAC_ADMIN))
return -EPERM;
if (count > PAGE_SIZE)
return -EINVAL;
data = memdup_user_nul(buf, count);
if (IS_ERR(data))
return PTR_ERR(data);
@ -2648,6 +2658,10 @@ static ssize_t smk_write_syslog(struct file *file, const char __user *buf,
if (!smack_privileged(CAP_MAC_ADMIN))
return -EPERM;
/* Enough data must be present */
if (count == 0 || count > PAGE_SIZE)
return -EINVAL;
data = memdup_user_nul(buf, count);
if (IS_ERR(data))
return PTR_ERR(data);
@ -2740,10 +2754,13 @@ static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf,
return -EPERM;
/*
* No partial write.
* Enough data must be present.
*/
if (*ppos != 0)
return -EINVAL;
if (count == 0 || count > PAGE_SIZE)
return -EINVAL;
data = memdup_user_nul(buf, count);
if (IS_ERR(data))