From 4ea815918109e7579fddbe8e5168f1940fc79349 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen@canonical.com>
Date: Wed, 27 Sep 2017 01:28:08 -0400
Subject: [PATCH] UBUNTU: SAUCE: LSM stacking: verify display LSM

Make sure the display LSM is verified to be a registered LSM, to
avoid breakage when a bad name is passed.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
---
 security/security.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/security/security.c b/security/security.c
index 7728910cd5ac..c5d3fe8e155a 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1653,6 +1653,7 @@ static int lsm_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 	char buffer[SECURITY_NAME_MAX + 1];
 	__user char *optval = (__user char *)arg2;
 	__user int *optlen = (__user int *)arg3;
+	struct security_hook_list *hp;
 	int dlen;
 	int len;
 
@@ -1678,17 +1679,22 @@ static int lsm_task_prctl(int option, unsigned long arg2, unsigned long arg3,
 		if (copy_from_user(buffer, optval, len))
 			return -EFAULT;
 		buffer[len] = '\0';
-		/*
-		 * Trust the caller to know what lsm name(s) are available.
-		 */
+		/* verify the requested LSM is registered */
+		list_for_each_entry(hp, &security_hook_heads.getprocattr, list) {
+			if (!strcmp(buffer, hp->lsm)) {
+				strcpy(lsm, hp->lsm);
+				goto out;
+			}
+		}
 		if (!strncmp(buffer, nolsm, NOLSMLEN))
 			lsm[0] = '\0';
 		else
-			strcpy(lsm, buffer);
+			return -ENOENT;
 		break;
 	default:
 		return -ENOSYS;
 	}
+out:
 	return 0;
 }
 #endif
-- 
2.39.5