netsniff-ng-libs = $(shell pkg-config --libs libnl-3.0) \ $(shell pkg-config --libs libnl-genl-3.0) \ -lpthread ifeq ($(CONFIG_LIBPCAP), 1) netsniff-ng-libs += -lpcap endif ifeq ($(CONFIG_GEOIP), 1) netsniff-ng-libs += -lGeoIP \ -lz endif netsniff-ng-objs = dissector.o \ dissector_eth.o \ dissector_80211.o \ proto_arp.o \ proto_ethernet.o \ proto_icmpv4.o \ proto_icmpv6.o \ proto_igmp.o \ proto_ip_authentication_hdr.o \ proto_ip_esp.o \ proto_ipv4.o \ proto_ipv6.o \ proto_ipv6_dest_opts.o \ proto_ipv6_fragm.o \ proto_ipv6_hop_by_hop.o \ proto_ipv6_in_ipv4.o \ proto_ipv6_mobility_hdr.o \ proto_ipv6_no_nxt_hdr.o \ proto_ipv6_routing.o \ proto_lldp.o \ proto_none.o \ proto_tcp.o \ proto_udp.o \ proto_vlan.o \ proto_vlan_q_in_q.o \ proto_mpls_unicast.o \ proto_80211_mac_hdr.o \ promisc.o \ privs.o \ proc.o \ dev.o \ str.o \ sig.o \ sock.o \ irq.o \ iosched.o \ ioops.o \ link.o \ xmalloc.o \ hash.o \ bpf.o \ oui.o \ pcap_rw.o \ pcap_sg.o \ pcap_mm.o \ ring_rx.o \ ring_tx.o \ ring.o \ tprintf.o \ timer.o \ mac80211.o \ netsniff-ng.o ifeq ($(CONFIG_LIBPCAP), 1) netsniff-ng-objs += bpf_comp.o endif ifeq ($(CONFIG_GEOIP), 1) netsniff-ng-objs += geoip.o endif ifeq ($(CONFIG_HWTSTAMP), 1) netsniff-ng-objs += tstamping.o endif netsniff-ng-eflags = $(shell pkg-config --cflags libnl-3.0) \ $(shell pkg-config --cflags libnl-genl-3.0) \ -DHAVE_DISSECTOR_PROTOS -DNEED_TCPDUMP_LIKE_FILTER '/cgit.cgi/linux/net-next.git/refs/?id=30a46a4647fd1df9cf52e43bf467f0d9265096ca'>refslogtreecommitdiff
diff options
context:
space:
mode:
authorVegard Nossum <vegard.nossum@oracle.com>2016-07-07 13:41:11 -0700
committerJames Morris <james.l.morris@oracle.com>2016-07-08 10:26:25 +1000
commit30a46a4647fd1df9cf52e43bf467f0d9265096ca (patch)
tree2cec69fc7fc82731f7a1845eba336aeb5d867cc8
parentac904ae6e6f0a56be7b9a1cf66fbd50dd025fb06 (diff)
apparmor: fix oops, validate buffer size in apparmor_setprocattr()
When proc_pid_attr_write() was changed to use memdup_user apparmor's (interface violating) assumption that the setprocattr buffer was always a single page was violated. The size test is not strictly speaking needed as proc_pid_attr_write() will reject anything larger, but for the sake of robustness we can keep it in. SMACK and SELinux look safe to me, but somebody else should probably have a look just in case. Based on original patch from Vegard Nossum <vegard.nossum@oracle.com> modified for the case that apparmor provides null termination. Fixes: bb646cdb12e75d82258c2f2e7746d5952d3e321a Reported-by: Vegard Nossum <vegard.nossum@oracle.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: John Johansen <john.johansen@canonical.com> Cc: Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Eric Paris <eparis@parisplace.org> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: stable@kernel.org Signed-off-by: John Johansen <john.johansen@canonical.com> Reviewed-by: Tyler Hicks <tyhicks@canonical.com> Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat