TOMOYO: Fix wrong domainname validation.
Tetsuo Handa [Wed, 11 May 2011 21:40:51 +0000 (06:40 +0900)]
In tomoyo_correct_domain() since 2.6.36, TOMOYO was by error validating
"<kernel>" + "/foo/\" + "/bar" when "<kernel> /foo/\* /bar" was given.
As a result, legal domainnames like "<kernel> /foo/\* /bar" are rejected.

Reported-by: Hayama Yossihiro <yossi@yedo.src.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

security/tomoyo/util.c

index 9bfc1ee..6d53932 100644 (file)
@@ -390,7 +390,7 @@ bool tomoyo_correct_domain(const unsigned char *domainname)
                if (!cp)
                        break;
                if (*domainname != '/' ||
-                   !tomoyo_correct_word2(domainname, cp - domainname - 1))
+                   !tomoyo_correct_word2(domainname, cp - domainname))
                        goto out;
                domainname = cp + 1;
        }