security: cap_inode_getsecctx returning garbage

We shouldn't be returning success from this function without also filling in the return values ctx and ctxlen. Note currently this doesn't appear to cause bugs since the only inode_getsecctx caller I can find is fs/sysfs/inode.c, which only calls this if security_inode_setsecurity succeeds. Assuming security_inode_setsecurity is set to cap_inode_setsecurity whenever inode_getsecctx is set to cap_inode_getsecctx, this function can never actually called. So I noticed this only because the server labeled NFS patches add a real caller. Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>

security: cap_inode_getsecctx returning garbage
We shouldn't be returning success from this function without also filling in the return values ctx and ctxlen. Note currently this doesn't appear to cause bugs since the only inode_getsecctx caller I can find is fs/sysfs/inode.c, which only calls this if security_inode_setsecurity succeeds. Assuming security_inode_setsecurity is set to cap_inode_setsecurity whenever inode_getsecctx is set to cap_inode_getsecctx, this function can never actually called. So I noticed this only because the server labeled NFS patches add a real caller. Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
J. Bruce Fields
1 parent 4f540e29dc
Showing 1 changed file with 1 additions and 1 deletions Side-by-side Diff
security/capability.c
@@ -843,7 +843,7 @@
  
 static int cap_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
 {
-	return 0;
+	return -EOPNOTSUPP;
 }
 #ifdef CONFIG_KEYS
 static int cap_key_alloc(struct key *key, const struct cred *cred,
...	...	@@ -843,7 +843,7 @@
843	843
844	844	static int cap_inode_getsecctx(struct inode inode, void ctx, u32 ctxlen)
845	845	{
846		- return 0;
	846	+ return -EOPNOTSUPP;
847	847	}
848	848	#ifdef CONFIG_KEYS
849	849	static int cap_key_alloc(struct key key, const struct cred cred,