OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/security/apparmor
History
Vegard Nossum 30a46a4647 apparmor: fix oops, validate buffer size in apparmor_setprocattr() 
When proc_pid_attr_write() was changed to use memdup_user apparmor's
(interface violating) assumption that the setprocattr buffer was always
a single page was violated.

The size test is not strictly speaking needed as proc_pid_attr_write()
will reject anything larger, but for the sake of robustness we can keep
it in.

SMACK and SELinux look safe to me, but somebody else should probably
have a look just in case.

Based on original patch from Vegard Nossum <vegard.nossum@oracle.com>
modified for the case that apparmor provides null termination.

Fixes: bb646cdb12
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Eric Paris <eparis@parisplace.org>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: stable@kernel.org
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
 		2016-07-08 10:26:25 +10:00
..
include apparmor: constify aa_path_link() 2016-03-28 00:47:26 -04:00
.gitignore
Kconfig apparmor: clarify CRYPTO dependency 2015-10-22 11:11:28 +11:00
Makefile
apparmorfs.c VFS: security/: d_inode() annotations 2015-04-15 15:06:57 -04:00
audit.c
capability.c
context.c
crypto.c
domain.c LSM: Switch to lists of hooks 2015-05-12 15:00:41 +10:00
file.c apparmor: constify aa_path_link() 2016-03-28 00:47:26 -04:00
ipc.c
lib.c
lsm.c apparmor: fix oops, validate buffer size in apparmor_setprocattr() 2016-07-08 10:26:25 +10:00
match.c
path.c [apparmor] constify struct path * in a bunch of helpers 2016-03-27 23:48:14 -04:00
policy.c
policy_unpack.c
procattr.c
resource.c
sid.c