err.no Git - linux-2.6/commit

author	Ahmed S. Darwish <darwish.07@gmail.com>
	Thu, 13 Mar 2008 19:32:34 +0000 (12:32 -0700)
committer	Linus Torvalds <torvalds@linux-foundation.org>
	Thu, 13 Mar 2008 20:11:43 +0000 (13:11 -0700)
commit	b500ce8d24d1f14426643da5f6fada28c1f60533
tree	17b6084b29434a968f787e238548a843126e2ec3	tree \| snapshot
parent	93d74463d018ddf05c169ad399e62e90e0f82fc0	commit \| diff

smackfs: do not trust `count' in inodes write()s

Smackfs write() implementation does not put a higher bound on the number of
bytes to copy from user-space. This may lead to a DOS attack if a malicious
`count' field is given.

Assure that given `count' is exactly the length needed for a /smack/load rule.
In case of /smack/cipso where the length is relative, assure that `count'
does not exceed the size needed for a buffer representing maximum possible
number of CIPSO 2.2 categories.

Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

security/smack/smack.h		diff \| blob \| history
security/smack/smackfs.c		diff \| blob \| history