UBUNTU: SAUCE: LSM stacking: verify display LSM

Make sure the display LSM is verified to be a registered LSM, to
avoid breakage when a bad name is passed.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

diff --git a/security/security.c b/security/security.c
index 7728910cd5ac307fa5f391bf87accf9f46821d68..c5d3fe8e155a69bd8549a781ba37a0aec0077026 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -1653,6 +1653,7 @@ static int lsm_task_prctl(int option, unsigned long arg2, unsigned long arg3,
        char buffer[SECURITY_NAME_MAX + 1];
        __user char *optval = (__user char *)arg2;
        __user int *optlen = (__user int *)arg3;
+       struct security_hook_list *hp;
        int dlen;
        int len;
 
@@ -1678,17 +1679,22 @@ static int lsm_task_prctl(int option, unsigned long arg2, unsigned long arg3,
                if (copy_from_user(buffer, optval, len))
                        return -EFAULT;
                buffer[len] = '\0';
-               /*
-                * Trust the caller to know what lsm name(s) are available.
-                */
+               /* verify the requested LSM is registered */
+               list_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
+                       if (!strcmp(buffer, hp->lsm)) {
+                               strcpy(lsm, hp->lsm);
+                               goto out;
+                       }
+               }
                if (!strncmp(buffer, nolsm, NOLSMLEN))
                        lsm[0] = '\0';
                else
-                       strcpy(lsm, buffer);
+                       return -ENOENT;
                break;
        default:
                return -ENOSYS;
        }
+out:
        return 0;
 }
 #endif