diff options
| author | Alex Shi <alex.shi@linaro.org> | 2018-03-23 02:32:54 +0000 |
|---|---|---|
| committer | Alex Shi <alex.shi@linaro.org> | 2018-03-23 02:32:54 +0000 |
| commit | 78c39820dc30c73f5b69c3fe2269ad9b0840a61a (patch) | |
| tree | 989afdf57f4574fded411bd5a6bdd8493e327a6e /security | |
| parent | 06eb38abaf83b589a5e66ca4749eee16fa0d9854 (diff) | |
| parent | 3753696b0aee3f3f55e161ef41d2cb0ea7e6e225 (diff) | |
Merge tag 'v4.4.123' into linux-linaro-lsk-v4.4
This is the 4.4.123 stable release
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/lsm.c | 2 | ||||
| -rw-r--r-- | security/integrity/ima/ima_appraise.c | 3 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 8 |
3 files changed, 11 insertions, 2 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index dec607c17b64..6dc4ce47580f 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -722,7 +722,7 @@ module_param_named(logsyscall, aa_g_logsyscall, aabool, S_IRUSR | S_IWUSR); /* Maximum pathname length before accesses will start getting rejected */ unsigned int aa_g_path_max = 2 * PATH_MAX; -module_param_named(path_max, aa_g_path_max, aauint, S_IRUSR | S_IWUSR); +module_param_named(path_max, aa_g_path_max, aauint, S_IRUSR); /* Determines how paranoid loading of policy is and how much verification * on the loaded policy is done. diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index 19014293f927..8da7c91b725d 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -206,7 +206,8 @@ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint, if (opened & FILE_CREATED) iint->flags |= IMA_NEW_FILE; if ((iint->flags & IMA_NEW_FILE) && - !(iint->flags & IMA_DIGSIG_REQUIRED)) + (!(iint->flags & IMA_DIGSIG_REQUIRED) || + (inode->i_size == 0))) status = INTEGRITY_PASS; goto out; } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 3f370eb494d1..4c7db967b7bb 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4124,10 +4124,18 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in u32 sid, node_perm; if (family == PF_INET) { + if (addrlen < sizeof(struct sockaddr_in)) { + err = -EINVAL; + goto out; + } addr4 = (struct sockaddr_in *)address; snum = ntohs(addr4->sin_port); addrp = (char *)&addr4->sin_addr.s_addr; } else { + if (addrlen < SIN6_LEN_RFC2133) { + err = -EINVAL; + goto out; + } addr6 = (struct sockaddr_in6 *)address; snum = ntohs(addr6->sin6_port); addrp = (char *)&addr6->sin6_addr.s6_addr; |