diff options
| author | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2016-08-05 02:19:08 -0300 |
|---|---|---|
| committer | André Fabian Silva Delgado <emulatorman@parabola.nu> | 2016-08-05 02:19:08 -0300 |
| commit | 8dec7c70575785729a6a9e6719a955e9c545bcab (patch) | |
| tree | 897b1b743b2ceb44ace956e8176b6a7e36751019 /security | |
| parent | 4411a04f871d94ae997fb7262a428fe2ee988eb3 (diff) | |
Linux-libre 4.6.5-gnupck-4.6.5-gnu
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/lsm.c | 36 | ||||
| -rw-r--r-- | security/keys/key.c | 2 |
2 files changed, 20 insertions, 18 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index dec607c17..5ee820111 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -523,34 +523,34 @@ static int apparmor_setprocattr(struct task_struct *task, char *name, { struct common_audit_data sa; struct apparmor_audit_data aad = {0,}; - char *command, *args = value; + char *command, *largs = NULL, *args = value; size_t arg_size; int error; if (size == 0) return -EINVAL; - /* args points to a PAGE_SIZE buffer, AppArmor requires that - * the buffer must be null terminated or have size <= PAGE_SIZE -1 - * so that AppArmor can null terminate them - */ - if (args[size - 1] != '\0') { - if (size == PAGE_SIZE) - return -EINVAL; - args[size] = '\0'; - } - /* task can only write its own attributes */ if (current != task) return -EACCES; - args = value; + /* AppArmor requires that the buffer must be null terminated atm */ + if (args[size - 1] != '\0') { + /* null terminate */ + largs = args = kmalloc(size + 1, GFP_KERNEL); + if (!args) + return -ENOMEM; + memcpy(args, value, size); + args[size] = '\0'; + } + + error = -EINVAL; args = strim(args); command = strsep(&args, " "); if (!args) - return -EINVAL; + goto out; args = skip_spaces(args); if (!*args) - return -EINVAL; + goto out; arg_size = size - (args - (char *) value); if (strcmp(name, "current") == 0) { @@ -576,10 +576,12 @@ static int apparmor_setprocattr(struct task_struct *task, char *name, goto fail; } else /* only support the "current" and "exec" process attributes */ - return -EINVAL; + goto fail; if (!error) error = size; +out: + kfree(largs); return error; fail: @@ -588,9 +590,9 @@ fail: aad.profile = aa_current_profile(); aad.op = OP_SETPROCATTR; aad.info = name; - aad.error = -EINVAL; + aad.error = error = -EINVAL; aa_audit_msg(AUDIT_APPARMOR_DENIED, &sa, NULL); - return -EINVAL; + goto out; } static int apparmor_task_setrlimit(struct task_struct *task, diff --git a/security/keys/key.c b/security/keys/key.c index b28755131..af7f6821d 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -584,7 +584,7 @@ int key_reject_and_link(struct key *key, mutex_unlock(&key_construction_mutex); - if (keyring) + if (keyring && link_ret == 0) __key_link_end(keyring, &key->index_key, edit); /* wake up anyone waiting for a key to be constructed */ |