git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Vegard Nossum <vegard.nossum@oracle.com>
	Thu, 7 Jul 2016 20:41:11 +0000 (13:41 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 27 Jul 2016 15:42:15 +0000 (08:42 -0700)
commit	dba63efdec9c9d50e2cf37c8ba678f8e823cab9c
tree	923609feda194d47c66f854c949fe00829774098	tree
parent	592354224cfd414078743efab8670ab7b56a2b0c	commit \| diff

apparmor: fix oops, validate buffer size in apparmor_setprocattr()

commit 30a46a4647fd1df9cf52e43bf467f0d9265096ca upstream.

When proc_pid_attr_write() was changed to use memdup_user apparmor's
(interface violating) assumption that the setprocattr buffer was always
a single page was violated.

The size test is not strictly speaking needed as proc_pid_attr_write()
will reject anything larger, but for the sake of robustness we can keep
it in.

SMACK and SELinux look safe to me, but somebody else should probably
have a look just in case.

Based on original patch from Vegard Nossum <vegard.nossum@oracle.com>
modified for the case that apparmor provides null termination.

Fixes: bb646cdb12e75d82258c2f2e7746d5952d3e321a
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Eric Paris <eparis@parisplace.org>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>