[patch 47/50] NetLabel: correctly fill in unused CIPSOv4 level and category mappings

From: Chris Wright
Date: Fri Jan 05 2007 - 21:37:34 EST

Next message: Chris Wright: "[patch 50/50] Fix incorrect user space access locking in mincore() (CVE-2006-4814)"
Previous message: Chris Wright: "[patch 49/50] fix OOM killing of swapoff"
In reply to: Chris Wright: "[patch 49/50] fix OOM killing of swapoff"
Next in thread: Chris Wright: "[patch 50/50] Fix incorrect user space access locking in mincore() (CVE-2006-4814)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-stable review patch. If anyone has any objections, please let us know.
------------------

From: Paul Moore <paul.moore@xxxxxx>

Back when the original NetLabel patches were being changed to use Netlink
attributes correctly some code was accidentially dropped which set all of the
undefined CIPSOv4 level and category mappings to a sentinel value. The result
is the mappings data in the kernel contains bogus mappings which always map to
zero. Having level and category mappings that map to zero could result in the
kernel assigning incorrect security attributes to packets.

This patch restores the old/correct behavior by initializing the mapping
data to the correct sentinel value.

Signed-off-by: Paul Moore <paul.moore@xxxxxx>
Signed-off-by: Chris Wright <chrisw@xxxxxxxxxxxx>
---
net/netlabel/netlabel_cipso_v4.c | 9 +++++++++
1 file changed, 9 insertions(+)

--- linux-2.6.19.1.orig/net/netlabel/netlabel_cipso_v4.c
+++ linux-2.6.19.1/net/netlabel/netlabel_cipso_v4.c
@@ -162,6 +162,7 @@ static int netlbl_cipsov4_add_std(struct
struct nlattr *nla_b;
int nla_a_rem;
int nla_b_rem;
+ u32 iter;

if (!info->attrs[NLBL_CIPSOV4_A_TAGLST] ||
!info->attrs[NLBL_CIPSOV4_A_MLSLVLLST])
@@ -223,6 +224,10 @@ static int netlbl_cipsov4_add_std(struct
ret_val = -ENOMEM;
goto add_std_failure;
}
+ for (iter = 0; iter < doi_def->map.std->lvl.local_size; iter++)
+ doi_def->map.std->lvl.local[iter] = CIPSO_V4_INV_LVL;
+ for (iter = 0; iter < doi_def->map.std->lvl.cipso_size; iter++)
+ doi_def->map.std->lvl.cipso[iter] = CIPSO_V4_INV_LVL;
nla_for_each_nested(nla_a,
info->attrs[NLBL_CIPSOV4_A_MLSLVLLST],
nla_a_rem)
@@ -296,6 +301,10 @@ static int netlbl_cipsov4_add_std(struct
ret_val = -ENOMEM;
goto add_std_failure;
}
+ for (iter = 0; iter < doi_def->map.std->cat.local_size; iter++)
+ doi_def->map.std->cat.local[iter] = CIPSO_V4_INV_CAT;
+ for (iter = 0; iter < doi_def->map.std->cat.cipso_size; iter++)
+ doi_def->map.std->cat.cipso[iter] = CIPSO_V4_INV_CAT;
nla_for_each_nested(nla_a,
info->attrs[NLBL_CIPSOV4_A_MLSCATLST],
nla_a_rem)

--
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Wright: "[patch 50/50] Fix incorrect user space access locking in mincore() (CVE-2006-4814)"
Previous message: Chris Wright: "[patch 49/50] fix OOM killing of swapoff"
In reply to: Chris Wright: "[patch 49/50] fix OOM killing of swapoff"
Next in thread: Chris Wright: "[patch 50/50] Fix incorrect user space access locking in mincore() (CVE-2006-4814)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]