projects / wrapfs-3.9.y.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 61ca440) | patch
netlabel: improve domain mapping validation
authorPaul Moore <pmoore@redhat.com>
Fri, 17 May 2013 09:08:50 +0000 (09:08 +0000)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 27 Jun 2013 17:38:48 +0000 (10:38 -0700)
commita4299de8beb0957340857dd4724ef32a9d0459bf
tree8356d64cb0e4f995c6557e2a87527736fd83ccf0tree | snapshot
parent61ca440d36151d63b6b5c4ac5bb9bb8933332926commit | diff
netlabel: improve domain mapping validation

[ Upstream commit 6b21e1b77d1a3d58ebfd513264c885695e8a0ba5 ]

The net/netlabel/netlabel_domainhash.c:netlbl_domhsh_add() function
does not properly validate new domain hash entries resulting in
potential problems when an administrator attempts to add an invalid
entry.  One such problem, as reported by Vlad Halilov, is a kernel
BUG (found in netlabel_domainhash.c:netlbl_domhsh_audit_add()) when
adding an IPv6 outbound mapping with a CIPSO configuration.

This patch corrects this problem by adding the necessary validation
code to netlbl_domhsh_add() via the newly created
netlbl_domhsh_validate() function.

Ideally this patch should also be pushed to the currently active
-stable trees.

Reported-by: Vlad Halilov <vlad.halilov@gmail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/netlabel/netlabel_domainhash.c diff | blob | history
wrapfs-3.9.y