Commit 7e4b9359 authored by Linus Torvalds

Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull security layer fixes from James Morris:
 "A fix for SELinux policy processing (regression introduced by
  commit fa1aa143: "selinux: extended permissions for ioctls"), as
  well as a fix for the user-triggerable oops in the Keys code"

* 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  KEYS: Fix handling of stored error in a negatively instantiated user key
  selinux: fix bug in conditional rules handling
parents c64410f3 6e375929
...@@ -845,6 +845,8 @@ static int encrypted_update(struct key *key, struct key_preparsed_payload *prep) ...@@ -845,6 +845,8 @@ static int encrypted_update(struct key *key, struct key_preparsed_payload *prep)
size_t datalen = prep->datalen; size_t datalen = prep->datalen;
int ret = 0; int ret = 0;
if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
return -ENOKEY;
if (datalen <= 0 || datalen > 32767 || !prep->data) if (datalen <= 0 || datalen > 32767 || !prep->data)
return -EINVAL; return -EINVAL;
......
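Review bot: The new `KEY_FLAG_NEGATIVE` test is added with no comment saying what it protects, so a reader cannot tell why a negative key has to be rejected before `prep->data` is even examined. Going by the user_update hunk below (where `zap` is forced to NULL for a negative key), `payload.data[0]` appears to hold a cached error code rather than a payload on such keys; a comment like `/* a negatively instantiated key caches an error code, not a payload, in payload.data[0]; refuse to update through it */` would make that visible. The identical guard is repeated in the trusted_update and user_update hunks, so if key_update() is the only caller of the type ->update hooks, the test could live once there, ahead of the hook, instead of in every key type. encrypted_update's body continues outside the hunk.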
...@@ -1007,13 +1007,16 @@ static void trusted_rcu_free(struct rcu_head *rcu) ...@@ -1007,13 +1007,16 @@ static void trusted_rcu_free(struct rcu_head *rcu)
*/ */
static int trusted_update(struct key *key, struct key_preparsed_payload *prep) static int trusted_update(struct key *key, struct key_preparsed_payload *prep)
{ {
struct trusted_key_payload *p = key->payload.data[0]; struct trusted_key_payload *p;
struct trusted_key_payload *new_p; struct trusted_key_payload *new_p;
struct trusted_key_options *new_o; struct trusted_key_options *new_o;
size_t datalen = prep->datalen; size_t datalen = prep->datalen;
char *datablob; char *datablob;
int ret = 0; int ret = 0;
if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
return -ENOKEY;
p = key->payload.data[0];
if (!p->migratable) if (!p->migratable)
return -EPERM; return -EPERM;
if (datalen <= 0 || datalen > 32767 || !prep->data) if (datalen <= 0 || datalen > 32767 || !prep->data)
......
...@@ -120,7 +120,10 @@ int user_update(struct key *key, struct key_preparsed_payload *prep) ...@@ -120,7 +120,10 @@ int user_update(struct key *key, struct key_preparsed_payload *prep)
if (ret == 0) { if (ret == 0) {
/* attach the new data, displacing the old */ /* attach the new data, displacing the old */
zap = key->payload.data[0]; if (!test_bit(KEY_FLAG_NEGATIVE, &key->flags))
zap = key->payload.data[0];
else
zap = NULL;
rcu_assign_keypointer(key, upayload); rcu_assign_keypointer(key, upayload);
key->expiry = 0; key->expiry = 0;
} }
......
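Review bot: The new branch leaves `KEY_FLAG_NEGATIVE` set after a real payload has been attached by `rcu_assign_keypointer()`; nothing in the hunk clears it. Presumably the generic key_update() path clears the flag when ->update returns 0 — if so, that contract should be stated here, e.g. `/* a negative key caches an error, not a payload, in data[0]: nothing to free; key_update() clears KEY_FLAG_NEGATIVE once we return 0 */`. If the caller does not clear it, lookups that test the flag before reading the payload would keep treating the freshly attached payload as a stored error. user_update starts outside the hunk.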
...@@ -638,7 +638,7 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, ...@@ -638,7 +638,7 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
{ {
struct avtab_node *node; struct avtab_node *node;
if (!ctab || !key || !avd || !xperms) if (!ctab || !key || !avd)
return; return;
for (node = avtab_search_node(ctab, key); node; for (node = avtab_search_node(ctab, key); node;
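Review bot: Dropping `!xperms` from the early return makes NULL a legal value for xperms, but nothing in the hunk records that contract, so a later edit to this function could dereference it again; the only evidence of the new rule is the `xperms &&` guard added in the second hunk (@@ -657). A comment above the check would pin it down: `/* xperms may be NULL: the caller only wants avd, so xperms-only work below must be skipped */`. The parameter list and the rest of the loop body lie outside this hunk, so any other use of xperms in them needs the same guard as the services_compute_xperms_drivers() call.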
...@@ -657,7 +657,7 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, ...@@ -657,7 +657,7 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) == if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
(node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED))) (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
avd->auditallow |= node->datum.u.data; avd->auditallow |= node->datum.u.data;
if ((node->key.specified & AVTAB_ENABLED) && if (xperms && (node->key.specified & AVTAB_ENABLED) &&
(node->key.specified & AVTAB_XPERMS)) (node->key.specified & AVTAB_XPERMS))
services_compute_xperms_drivers(xperms, node); services_compute_xperms_drivers(xperms, node);
} }
......