Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / kernel / msm / b500ce8d24d1f14426643da5f6fada28c1f60533
commitb500ce8d24d1f14426643da5f6fada28c1f60533[log] [tgz]
authorAhmed S. Darwish <darwish.07@gmail.com>Thu Mar 13 12:32:34 2008 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>Thu Mar 13 13:11:43 2008 -0700
tree17b6084b29434a968f787e238548a843126e2ec3
parent93d74463d018ddf05c169ad399e62e90e0f82fc0 [diff]
smackfs: do not trust `count' in inodes write()s

Smackfs write() implementation does not put a higher bound on the number of
bytes to copy from user-space.  This may lead to a DOS attack if a malicious
`count' field is given.

Assure that given `count' is exactly the length needed for a /smack/load rule.
 In case of /smack/cipso where the length is relative, assure that `count'
does not exceed the size needed for a buffer representing maximum possible
number of CIPSO 2.2 categories.

Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2 files changed
tree: 17b6084b29434a968f787e238548a843126e2ec3
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. fs/
  7. include/
  8. init/
  9. ipc/
  10. kernel/
  11. lib/
  12. mm/
  13. net/
  14. samples/
  15. scripts/
  16. security/
  17. sound/
  18. usr/
  19. virt/
  20. .gitignore
  21. .mailmap
  22. COPYING
  23. CREDITS
  24. Kbuild
  25. MAINTAINERS
  26. Makefile
  27. README
  28. REPORTING-BUGS