From: Paul Moore <pmoore@redhat.com>
Date: Fri, 17 May 2013 09:08:50 +0000 (+0000)
Subject: netlabel: improve domain mapping validation
X-Git-Tag: v3.10-rc3~18^2~30
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b21e1b77d1a3d58ebfd513264c885695e8a0ba5;p=pandora-kernel.git

netlabel: improve domain mapping validation

The net/netlabel/netlabel_domainhash.c:netlbl_domhsh_add() function
does not properly validate new domain hash entries resulting in
potential problems when an administrator attempts to add an invalid
entry.  One such problem, as reported by Vlad Halilov, is a kernel
BUG (found in netlabel_domainhash.c:netlbl_domhsh_audit_add()) when
adding an IPv6 outbound mapping with a CIPSO configuration.

This patch corrects this problem by adding the necessary validation
code to netlbl_domhsh_add() via the newly created
netlbl_domhsh_validate() function.

Ideally this patch should also be pushed to the currently active
-stable trees.

Reported-by: Vlad Halilov <vlad.halilov@gmail.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed