security: cap_inode_getsecctx returning garbage
authorJ. Bruce Fields <bfields@redhat.com>
Wed, 8 May 2013 22:05:41 +0000 (18:05 -0400)
committerJ. Bruce Fields <bfields@redhat.com>
Mon, 13 May 2013 14:11:46 +0000 (10:11 -0400)
commit0d422afb892e3f993cf934b76a2c2ef839c446e0
tree3452717e0d811102b87ad71e9039df39cf7ef112
parent4f540e29dc20b87d460559bce184d2238237f48b
security: cap_inode_getsecctx returning garbage

We shouldn't be returning success from this function without also
filling in the return values ctx and ctxlen.

Note currently this doesn't appear to cause bugs since the only
inode_getsecctx caller I can find is fs/sysfs/inode.c, which only calls
this if security_inode_setsecurity succeeds.  Assuming
security_inode_setsecurity is set to cap_inode_setsecurity whenever
inode_getsecctx is set to cap_inode_getsecctx, this function can never
actually called.

So I noticed this only because the server labeled NFS patches add a real
caller.

Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
security/capability.c