Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  Smack: check for SMACK xattr validity in smack_inode_setxattr

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 921514902eca4cac7ca80eaa07622f487b2e51a0..98b3195347ab46d84749920de3b6b45df134de5f 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -609,8 +609,12 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name,
            strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
                if (!capable(CAP_MAC_ADMIN))
                        rc = -EPERM;
-               /* a label cannot be void and cannot begin with '-' */
-               if (size == 0 || (size > 0 && ((char *)value)[0] == '-'))
+               /*
+                * check label validity here so import wont fail on
+                * post_setxattr
+                */
+               if (size == 0 || size >= SMK_LABELLEN ||
+                   smk_import(value, size) == NULL)
                        rc = -EINVAL;
        } else
                rc = cap_inode_setxattr(dentry, name, value, size, flags);
@@ -644,9 +648,6 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
        if (strcmp(name, XATTR_NAME_SMACK))
                return;
 
-       if (size >= SMK_LABELLEN)
-               return;
-
        isp = dentry->d_inode->i_security;
 
        /*