UBUNTU: SAUCE: LSM stacking: check for invalid zero sized writes

BugLink: http://bugs.launchpad.net/bugs/1720779
Writing zero bytes to /proc/$pid/task/$pid/attr/context via
security_setprocattr cause an oops in memcpy_erms. Fix this by
checking for zero size and returning -EINVAL for this invalid
write size.

Detected by running stress-ng --procfs 0

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

diff --git a/security/security.c b/security/security.c
index 31efa8cc77fdd968de6759778374657c2698075c..cdc1627e43ef0d7a52430c2644559383ac89ca10 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -2007,6 +2007,9 @@ int security_setprocattr(const char *lsm, const char *name, void *value,
        char *temp;
        char *cp;
 
+       if (!size)
+               return -EINVAL;
+
        /*
         * If lsm is NULL look at all the modules to find one
         * that processes name. If lsm is not NULL only look at