git.baikalelectronics.ru Git - kernel.git/commit

author	Paul Moore <pmoore@redhat.com>
	Fri, 17 May 2013 09:08:50 +0000 (09:08 +0000)
committer	David S. Miller <davem@davemloft.net>
	Sun, 19 May 2013 21:49:55 +0000 (14:49 -0700)
commit	78cb669cdbede713db9cbd3ab064f2ceea27e3b0
tree	8ee7662b9e58933f9c342fac01771a1cba705689	tree \| snapshot
parent	162b6e12bce93b57a56162e8b5f477dd20aef1a5	commit \| diff

netlabel: improve domain mapping validation

The net/netlabel/netlabel_domainhash.c:netlbl_domhsh_add() function
does not properly validate new domain hash entries resulting in
potential problems when an administrator attempts to add an invalid
entry. One such problem, as reported by Vlad Halilov, is a kernel
BUG (found in netlabel_domainhash.c:netlbl_domhsh_audit_add()) when
adding an IPv6 outbound mapping with a CIPSO configuration.

This patch corrects this problem by adding the necessary validation
code to netlbl_domhsh_add() via the newly created
netlbl_domhsh_validate() function.

Ideally this patch should also be pushed to the currently active
-stable trees.

Reported-by: Vlad Halilov <vlad.halilov@gmail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>