From 50d247104ac2926dbe98b75b8c40dfa7ada4e190 Mon Sep 17 00:00:00 2001
From: John Johansen
Date: Sat, 9 Oct 2010 00:47:53 -0700
Subject: [PATCH] --- yaml --- r: 211674 b: refs/heads/master c: 3ed02ada2a5e695e2fbb5e4a0008cfcb0f50feaa h: refs/heads/master v: v3
---
 [refs] | 2 +-
 trunk/security/apparmor/apparmorfs.c | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/[refs] b/[refs]
index 621e3f8110d7..ffa44593730e 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 9f1c1d426b0402b25cd0d7ca719ffc8e20e46d5f
+refs/heads/master: 3ed02ada2a5e695e2fbb5e4a0008cfcb0f50feaa
diff --git a/trunk/security/apparmor/apparmorfs.c b/trunk/security/apparmor/apparmorfs.c
index 7320331b44ab..544ff5837cb6 100644
--- a/trunk/security/apparmor/apparmorfs.c
+++ b/trunk/security/apparmor/apparmorfs.c
@@ -29,7 +29,7 @@
 * aa_simple_write_to_buffer - common routine for getting policy from user
 * @op: operation doing the user buffer copy
 * @userbuf: user buffer to copy data from (NOT NULL)
- * @alloc_size: size of user buffer
+ * @alloc_size: size of user buffer (REQUIRES: @alloc_size >= @copy_size)
 * @copy_size: size of data to copy from user buffer
 * @pos: position write is at in the file (NOT NULL)
 *
@@ -42,6 +42,8 @@ static char *aa_simple_write_to_buffer(int op, const char __user *userbuf,
 {
 char *data;
+ BUG_ON(copy_size > alloc_size);
+
 if (*pos != 0)
 /* only writes from pos 0, that is complete writes */
 return ERR_PTR(-ESPIPE);
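Review bot: The kernel-doc for @alloc_size in the first apparmorfs.c hunk still reads "size of user buffer", which sits awkwardly next to the new REQUIRES clause. The parameter name and the check added in the next hunk suggest it is the size of the destination allocation, not of the source buffer. The function body is outside the hunk, so this is inferred. If that reading is right, `* @alloc_size: size of the buffer to allocate (REQUIRES: @alloc_size >= @copy_size)` states the invariant unambiguously. The comment could also say what happens when the requirement is violated, since callers need to know it is fatal rather than an error return.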
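Review bot: `BUG_ON(copy_size > alloc_size);` at the top of aa_simple_write_to_buffer stops an oversized copy, but it does so by oopsing the kernel rather than failing the write. The function already reports errors through ERR_PTR (the -ESPIPE path directly below). The callers are not visible here, so if either size can be derived from a userspace write, the assertion becomes reachable as a denial of service. Rejecting the request keeps the overflow guard and leaves the system running: `if (WARN_ON_ONCE(copy_size > alloc_size)) return ERR_PTR(-EINVAL);`. The rest of the function body, including the allocation and the user copy this check protects, lies outside the hunk.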