    apparmor: fix oops, validate buffer size in apparmor_setprocattr() · 30a46a46
    Vegard Nossum authored
    When proc_pid_attr_write() was changed to use memdup_user apparmor's
    (interface violating) assumption that the setprocattr buffer was always
    a single page was violated.
    
    The size test is not strictly speaking needed as proc_pid_attr_write()
    will reject anything larger, but for the sake of robustness we can keep
    it in.
    
    SMACK and SELinux look safe to me, but somebody else should probably
    have a look just in case.
    
    Based on original patch from Vegard Nossum <vegard.nossum@oracle.com>
    modified for the case that apparmor provides null termination.
    
    Fixes: bb646cdb
    Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Cc: John Johansen <john.johansen@canonical.com>
    Cc: Paul Moore <paul@paul-moore.com>
    Cc: Stephen Smalley <sds@tycho.nsa.gov>
    Cc: Eric Paris <eparis@parisplace.org>
    Cc: Casey Schaufler <casey@schaufler-ca.com>
    Cc: stable@kernel.org
    Signed-off-by: John Johansen <john.johansen@canonical.com>
    Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
    Signed-off-by: James Morris <james.l.morris@oracle.com>
Name
apparmor
integrity
keys
loadpin
selinux
smack
tomoyo
yama
Kconfig
Makefile
commoncap.c
device_cgroup.c
inode.c
lsm_audit.c
min_addr.c
security.c