git.baikalelectronics.ru Git - kernel.git/commit
netlabel: fix a problem when setting bits below the previously lowest bit
author: Paul Moore <pmoore@redhat.com>
Fri, 1 Aug 2014 15:17:03 +0000 (11:17 -0400)
committer: Paul Moore <pmoore@redhat.com>
Fri, 1 Aug 2014 15:17:03 +0000 (11:17 -0400)
commit: dd480e0f1c66f76569a190166f996db9b39718b8
tree: b47057cfbaeded529570a91b39f14007594203fc
parent: aebe4119062d8f1c1bbd05e409465a4cd0c73d28

The NetLabel category (catmap) functions have a problem in that they
assume categories will be set in an increasing manner, e.g. the next
category set will always be larger than the last.  Unfortunately, this
is not a valid assumption and could result in problems when attempting
to set categories less than the startbit in the lowest catmap node.
In some cases kernel panics and other nasties can result.

This patch corrects the problem by checking for this and allocating a
new catmap node instance and placing it at the front of the list.

Cc: stable@vger.kernel.org
Reported-by: Christian Evans <frodox@zoho.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Tested-by: Casey Schaufler <casey@schaufler-ca.com>
include/net/netlabel.h
net/ipv4/cipso_ipv4.c
net/netlabel/netlabel_kapi.c
security/smack/smack_access.c
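
The case the commit message describes, as an added example that is not the kernel's NetLabel code: a simplified userspace model of a sorted catmap list in which a bit below the lowest node's startbit gets a new node placed at the front of the list. The names `catnode`, `catmap_getnode`, `catmap_setbit` and the 64-bit node width are assumptions of this model.

```c
#include <stdint.h>
#include <stdlib.h>

#define NODE_BITS 64u  /* assumed node width for this model */

/* Hypothetical simplified catmap node: one 64-bit window at startbit. */
struct catnode {
    uint32_t startbit;      /* always a multiple of NODE_BITS */
    uint64_t bitmap;
    struct catnode *next;   /* list is kept sorted by ascending startbit */
};

/* Return the node covering 'bit', allocating and linking one if needed.
 * Covers the case from the commit message: 'bit' lies below the startbit
 * of the current head, so the new node must become the new head. */
static struct catnode *catmap_getnode(struct catnode **head, uint32_t bit)
{
    struct catnode *prev = NULL, *iter = *head, *node;

    /* Skip nodes whose window ends at or before 'bit'. */
    while (iter && iter->startbit <= bit && bit - iter->startbit >= NODE_BITS) {
        prev = iter;
        iter = iter->next;
    }
    if (iter && iter->startbit <= bit)
        return iter;                /* an existing node covers the bit */

    node = calloc(1, sizeof(*node));
    if (!node)
        return NULL;
    node->startbit = bit & ~(NODE_BITS - 1);
    node->next = iter;
    if (prev)
        prev->next = node;          /* insert mid-list or at the tail */
    else
        *head = node;               /* bit is below the old lowest startbit */
    return node;
}

/* Set 'bit' in the map; bits may arrive in any order. Returns 0 or -1. */
static int catmap_setbit(struct catnode **head, uint32_t bit)
{
    struct catnode *node = catmap_getnode(head, bit);

    if (!node)
        return -1;
    node->bitmap |= (uint64_t)1 << (bit - node->startbit);
    return 0;
}
```
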