diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2020-06-04 20:31:05 +0300 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-06-04 20:31:05 +0300 |
| commit | acf25aa66371359f542d14e8d993b530fe25d7ac (patch) | |
| tree | feacd343b0298371e539248ce04569c86a5113a6 /security/smack/smackfs.c | |
| parent | a484a497c98a0447aca2d70de19d11b1d66e6ef7 (diff) | |
| parent | ef26650a201fbbb4ba90b63a82bf7950f2699a82 (diff) | |
| download | linux-acf25aa66371359f542d14e8d993b530fe25d7ac.tar.xz | |
Merge tag 'Smack-for-5.8' of git://github.com/cschaufler/smack-next
Pull smack updates from Casey Schaufler:
"Clean out dead code and repair an out-of-bounds warning"
* tag 'Smack-for-5.8' of git://github.com/cschaufler/smack-next:
Smack: Remove unused inline function smk_ad_setfield_u_fs_path_mnt
Smack:- Remove redundant inode_smack cache
Smack:- Remove mutex lock "smk_lock" from inode_smack
Smack: slab-out-of-bounds in vsscanf
smack: remove redundant structure variable from header.
smack: avoid unused 'sip' variable warning
Diffstat (limited to 'security/smack/smackfs.c')
| -rw-r--r-- | security/smack/smackfs.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index e3e05c04dbd1..c21b656b3263 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -878,11 +878,21 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf, else rule += strlen(skp->smk_known) + 1; + if (rule > data + count) { + rc = -EOVERFLOW; + goto out; + } + ret = sscanf(rule, "%d", &maplevel); if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL) goto out; rule += SMK_DIGITLEN; + if (rule > data + count) { + rc = -EOVERFLOW; + goto out; + } + ret = sscanf(rule, "%d", &catlen); if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM) goto out; |