author | Alex Shi <alex.shi@linaro.org> | 2018-03-23 02:33:06 +0000 |
---|---|---|
committer | Alex Shi <alex.shi@linaro.org> | 2018-03-23 02:33:06 +0000 |
commit | 9c032b533b870102c1929870059ec2c089a31f2b (patch) | |
tree | 87f979a767aaa305300bcb7720d0ae52f43096c8 /security | |
parent | 9ad0ea90a166b728745bdbef04f573a4eed811fd (diff) | |
parent | 78c39820dc30c73f5b69c3fe2269ad9b0840a61a (diff) |
Merge branch 'linux-linaro-lsk-v4.4' into linux-linaro-lsk-v4.4-android
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/lsm.c | 2 | ||||
-rw-r--r-- | security/integrity/ima/ima_appraise.c | 3 | ||||
-rw-r--r-- | security/selinux/hooks.c | 8 |
3 files changed, 11 insertions, 2 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index dec607c17b64..6dc4ce47580f 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -722,7 +722,7 @@ module_param_named(logsyscall, aa_g_logsyscall, aabool, S_IRUSR | S_IWUSR);
 /* Maximum pathname length before accesses will start getting rejected */
 unsigned int aa_g_path_max = 2 * PATH_MAX;
-module_param_named(path_max, aa_g_path_max, aauint, S_IRUSR | S_IWUSR);
+module_param_named(path_max, aa_g_path_max, aauint, S_IRUSR);
 /* Determines how paranoid loading of policy is and how much verification
 * on the loaded policy is done.
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 19014293f927..8da7c91b725d 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -206,7 +206,8 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
 if (opened & FILE_CREATED)
 iint->flags |= IMA_NEW_FILE;
 if ((iint->flags & IMA_NEW_FILE) &&
- !(iint->flags & IMA_DIGSIG_REQUIRED))
+ (!(iint->flags & IMA_DIGSIG_REQUIRED) ||
+ (inode->i_size == 0)))
 status = INTEGRITY_PASS;
 goto out;
 }
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index be68992a28cb..c5293ca6a26e 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4158,10 +4158,18 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 u32 sid, node_perm;
 if (family == PF_INET) {
+ if (addrlen < sizeof(struct sockaddr_in)) {
+ err = -EINVAL;
+ goto out;
+ }
 addr4 = (struct sockaddr_in *)address;
 snum = ntohs(addr4->sin_port);
 addrp = (char *)&addr4->sin_addr.s_addr;
 } else {
+ if (addrlen < SIN6_LEN_RFC2133) {
+ err = -EINVAL;
+ goto out;
+ }
 addr6 = (struct sockaddr_in6 *)address;
 snum = ntohs(addr6->sin6_port);
 addrp = (char *)&addr6->sin6_addr.s6_addr; |
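Review bot: Nothing near `module_param_named(path_max, aa_g_path_max, aauint, S_IRUSR)` in security/apparmor/lsm.c records why the write bit was dropped, so a later cleanup could restore `S_IWUSR` to match the neighbouring parameters without realising it matters. With `S_IRUSR` alone the value can no longer be changed through the parameter file after load, which looks like a deliberate hardening step, though the reason is not visible in the hunk. A one-line comment on that line, for example `/* read-only at runtime: may only be set as a boot/module parameter */`, would make the intent durable.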
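Review bot: The added `(inode->i_size == 0)` alternative in ima_appraise_measurement() relaxes appraisal for a new file even when `IMA_DIGSIG_REQUIRED` is set, and the hunk carries no comment justifying that exception. I would add one above the condition, for example `/* a new, still-empty file has no content to sign yet; let it pass even if a signature is required */`, so the policy relaxation is not mistaken for an accident. The condition also reads `i_size` directly; if the inode lock is not guaranteed to be held on this path (not visible here), `i_size_read(inode)` would be the safer accessor. The function body starts and ends outside the hunk.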
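Review bot: The two new length guards in selinux_socket_bind() do not compare the same way: `addrlen < sizeof(struct sockaddr_in)` converts `addrlen` to an unsigned type, so a negative length would pass the IPv4 guard, while `addrlen < SIN6_LEN_RFC2133` is presumably a signed comparison. The parameter's declaration is cut off in the hunk header and callers may already reject negative lengths, so treat this as hardening rather than a confirmed bug; `if (addrlen < (int)sizeof(struct sockaddr_in)) {` would make the branches agree. Both guards also rely on `family` describing the buffer, and whether `address->sa_family` is checked against it lies outside the hunk, as do the start and end of the function.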