提交 0d422afb 编写于 作者: J J. Bruce Fields

security: cap_inode_getsecctx returning garbage

We shouldn't be returning success from this function without also
filling in the return values ctx and ctxlen.

Note currently this doesn't appear to cause bugs since the only
inode_getsecctx caller I can find is fs/sysfs/inode.c, which only calls
this if security_inode_setsecurity succeeds.  Assuming
security_inode_setsecurity is set to cap_inode_setsecurity whenever
inode_getsecctx is set to cap_inode_getsecctx, this function can never
actually called.

So I noticed this only because the server labeled NFS patches add a real
caller.
Acked-by: NSerge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: NJ. Bruce Fields <bfields@redhat.com>
上级 4f540e29
...@@ -843,7 +843,7 @@ static int cap_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) ...@@ -843,7 +843,7 @@ static int cap_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
static int cap_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) static int cap_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
{ {
return 0; return -EOPNOTSUPP;
} }
#ifdef CONFIG_KEYS #ifdef CONFIG_KEYS
static int cap_key_alloc(struct key *key, const struct cred *cred, static int cap_key_alloc(struct key *key, const struct cred *cred,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册