netsniff-ng-libs = $(shell pkg-config --libs libnl-3.0) \
$(shell pkg-config --libs libnl-genl-3.0) \
-lpthread
ifeq ($(CONFIG_LIBPCAP), 1)
netsniff-ng-libs += -lpcap
endif
ifeq ($(CONFIG_GEOIP), 1)
netsniff-ng-libs += -lGeoIP \
-lz
endif
netsniff-ng-objs = dissector.o \
dissector_eth.o \
dissector_80211.o \
proto_arp.o \
proto_ethernet.o \
proto_icmpv4.o \
proto_icmpv6.o \
proto_igmp.o \
proto_ip_authentication_hdr.o \
proto_ip_esp.o \
proto_ipv4.o \
proto_ipv6.o \
proto_ipv6_dest_opts.o \
proto_ipv6_fragm.o \
proto_ipv6_hop_by_hop.o \
proto_ipv6_in_ipv4.o \
proto_ipv6_mobility_hdr.o \
proto_ipv6_no_nxt_hdr.o \
proto_ipv6_routing.o \
proto_lldp.o \
proto_none.o \
proto_tcp.o \
proto_udp.o \
proto_vlan.o \
proto_vlan_q_in_q.o \
proto_mpls_unicast.o \
proto_80211_mac_hdr.o \
promisc.o \
privs.o \
proc.o \
dev.o \
str.o \
sig.o \
sock.o \
irq.o \
iosched.o \
ioops.o \
link.o \
xmalloc.o \
hash.o \
bpf.o \
oui.o \
pcap_rw.o \
pcap_sg.o \
pcap_mm.o \
ring_rx.o \
ring_tx.o \
ring.o \
tprintf.o \
timer.o \
mac80211.o \
netsniff-ng.o
ifeq ($(CONFIG_LIBPCAP), 1)
netsniff-ng-objs += bpf_comp.o
endif
ifeq ($(CONFIG_GEOIP), 1)
netsniff-ng-objs += geoip.o
endif
ifeq ($(CONFIG_HWTSTAMP), 1)
netsniff-ng-objs += tstamping.o
endif
netsniff-ng-eflags = $(shell pkg-config --cflags libnl-3.0) \
$(shell pkg-config --cflags libnl-genl-3.0) \
-DHAVE_DISSECTOR_PROTOS -DNEED_TCPDUMP_LIKE_FILTER
'/cgit.cgi/linux/net-next.git/refs/?id=30a46a4647fd1df9cf52e43bf467f0d9265096ca'>refslogtreecommitdiff
apparmor: fix oops, validate buffer size in apparmor_setprocattr()
When proc_pid_attr_write() was changed to use memdup_user apparmor's
(interface violating) assumption that the setprocattr buffer was always
a single page was violated.
The size test is not strictly speaking needed as proc_pid_attr_write()
will reject anything larger, but for the sake of robustness we can keep
it in.
SMACK and SELinux look safe to me, but somebody else should probably
have a look just in case.
Based on original patch from Vegard Nossum <vegard.nossum@oracle.com>
modified for the case that apparmor provides null termination.
Fixes: bb646cdb12e75d82258c2f2e7746d5952d3e321a
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Eric Paris <eparis@parisplace.org>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: stable@kernel.org
Signed-off-by: John Johansen <john.johansen@canonical.com>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>