]> git.baikalelectronics.ru Git - kernel.git/commit
netlabel: improve domain mapping validation
authorPaul Moore <pmoore@redhat.com>
Fri, 17 May 2013 09:08:50 +0000 (09:08 +0000)
committerDavid S. Miller <davem@davemloft.net>
Sun, 19 May 2013 21:49:55 +0000 (14:49 -0700)
commit78cb669cdbede713db9cbd3ab064f2ceea27e3b0
tree8ee7662b9e58933f9c342fac01771a1cba705689
parent162b6e12bce93b57a56162e8b5f477dd20aef1a5
netlabel: improve domain mapping validation

The net/netlabel/netlabel_domainhash.c:netlbl_domhsh_add() function
does not properly validate new domain hash entries resulting in
potential problems when an administrator attempts to add an invalid
entry.  One such problem, as reported by Vlad Halilov, is a kernel
BUG (found in netlabel_domainhash.c:netlbl_domhsh_audit_add()) when
adding an IPv6 outbound mapping with a CIPSO configuration.

This patch corrects this problem by adding the necessary validation
code to netlbl_domhsh_add() via the newly created
netlbl_domhsh_validate() function.

Ideally this patch should also be pushed to the currently active
-stable trees.

Reported-by: Vlad Halilov <vlad.halilov@gmail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/netlabel/netlabel_domainhash.c