Smack updates for v6.6. Two minor fixes.

-----BEGIN PGP SIGNATURE----- iQJLBAABCAA1FiEEC+9tH1YyUwIQzUIeOKUVfIxDyBEFAmTugE0XHGNhc2V5QHNj aGF1Zmxlci1jYS5jb20ACgkQOKUVfIxDyBEBTxAAvwN8+ZX1rQNsMoY7ZNJrn4gH sSUoRdf2iw49EWaHrphk/klQ69fBtftP9qCBAQugPpuUU5Rhi8K0jJimjLQ6SDU9 2IDY0VJLPSE/PCRcuVbcdHvv1iUtrvIuf3CVL+NxSt53wQw6eN1EbBWi1gV3BXD7 OilxgPH415hQUL7f8NayoG81LDTmlZHPCCjeSaUR+rGPnYN3cAFlPJVnUTd0CitW ecCJWnUOzm5IRjuOSLJzxDKNbaP5YxP6hgOtFnpQAqF13mepRXwF5mYVByxp2QDw Bmp67Vmio4DOdrBIuNUIXpiFHXWem2WvsC/pZB73amwasbiV4iSVCwEhLI/TZrCo Fdi2B/+B4Gdj286LaZgBoq8LIJNBvYpQceGJT6jyxYJO7QOIxvm+2YBBbT+1Rtw8 kVHqADm2TsLZO+EEDHidoTHDp70XLj/KHxE784YLA6RQP0i6a/vP471JgVp8o1eH gP1hiS7M7q9G5dVRRBOcVOflOnIU1ekH5CSvQaGGEHg5WzYo9G2acjj6REai6Ylf LOwXWhjWAMorXbk4oQ99x4I6JTqvxYQyhASvZi0TKF2yWejIfu4JO69MGj5eDKLM 4guk9Bf7TuLsLBGZRaNXRyMo1vEOgxjLde/NsxbFuf+fnHTTEOmdTVZDv8oH3Env 8E95Gj5WtVC+o7yt1Qs= =ynKT -----END PGP SIGNATURE----- Merge tag 'Smack-for-6.6' of https://github.com/cschaufler/smack-next Pull smack updates from Casey Schaufler: "Two minor fixes: is a simple spelling fix. The other is a bounds check for a very likely underflow" * tag 'Smack-for-6.6' of https://github.com/cschaufler/smack-next: smackfs: Prevent underflow in smk_set_cipso() security: smack: smackfs: fix typo (lables->labels)
2024-07-08 20:29:39 +00:00 · 2023-08-30 09:28:07 -07:00 · 2023-08-30 09:28:07 -07:00 · 872459663c
commit 872459663c
parent 1a35914f73 3ad49d37cf
1 changed files with 2 additions and 2 deletions
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@ -114,7 +114,7 @@ struct smack_known *smack_syslog_label;
 * SMACK_PTRACE_DEFAULT    regular smack ptrace rules (/proc based)
 * SMACK_PTRACE_EXACT      labels must match, but can be overriden with
 *			   CAP_SYS_PTRACE
- * SMACK_PTRACE_DRACONIAN  lables must match, CAP_SYS_PTRACE has no effect
+ * SMACK_PTRACE_DRACONIAN  labels must match, CAP_SYS_PTRACE has no effect
 */
 int smack_ptrace_rule = SMACK_PTRACE_DEFAULT;

@ -896,7 +896,7 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
 	}

 	ret = sscanf(rule, "%d", &catlen);
-	if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
+	if (ret != 1 || catlen < 0 || catlen > SMACK_CIPSO_MAXCATNUM)
 		goto out;

 	if (format == SMK_FIXED24_FMT &&