Re: [PATCH 2/2] smack: fix logic in smack_inode_init_security function

From: Casey Schaufler
Date: Mon Dec 01 2014 - 16:34:10 EST


On 11/26/2014 6:31 AM, Lukasz Pawelczyk wrote:
> In principle if this function was called with "value" == NULL and "len"
> not NULL it could return different results for the "len" compared to a
> case where "name" was not NULL. This is a hypothetical case that does
> not exist in the kernel, but it's a logic bug nonetheless.
>
> Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>

Applied to git://git.gitorious.org/smack-next/kernel.git#smack-for-3.20

> ---
> security/smack/smack_lsm.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index d1b14d5..e8bed86 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -800,7 +800,7 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
> if (name)
> *name = XATTR_SMACK_SUFFIX;
>
> - if (value) {
> + if (value && len) {
> rcu_read_lock();
> may = smk_access_entry(skp->smk_known, dsp->smk_known,
> &skp->smk_rules);
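Review bot: at `if (value && len)`, a caller that passes value but a NULL len used to enter this block and now skips it entirely, so the function returns 0 with *value never written while *name is still set by the assignment just above. If that combination is meant to be unsupported, say so in a comment above the condition, or reject it explicitly instead of returning success. The changelog also speaks of a case where "name" was not NULL, while the test changed here is on value; the description should name the pointer the condition actually checks.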
> @@ -821,10 +821,9 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
> *value = kstrdup(isp->smk_known, GFP_NOFS);
> if (*value == NULL)
> return -ENOMEM;
> - }
>
> - if (len)
> *len = strlen(isp->smk_known);
> + }
>
> return 0;
> }
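Review bot: with `*len = strlen(isp->smk_known);` moved inside the block, a call that supplies len but no value now returns 0 and leaves *len unwritten, so any such caller must have initialised it beforehand. Dropping the separate `if (len)` test is safe because the outer condition already guarantees len is non-NULL, but the new both-or-neither contract for value and len deserves a line in the function's comment so future callers do not rely on the old behaviour.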
