Commit 87245966 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'Smack-for-6.6' of https://github.com/cschaufler/smack-next

Pull smack updates from Casey Schaufler:
 "Two minor fixes: is a simple spelling fix. The other is a bounds check
  for a very likely underflow"

* tag 'Smack-for-6.6' of https://github.com/cschaufler/smack-next:
  smackfs: Prevent underflow in smk_set_cipso()
  security: smack: smackfs: fix typo (lables->labels)
parents 1a35914f 3ad49d37
...@@ -114,7 +114,7 @@ struct smack_known *smack_syslog_label; ...@@ -114,7 +114,7 @@ struct smack_known *smack_syslog_label;
* SMACK_PTRACE_DEFAULT regular smack ptrace rules (/proc based) * SMACK_PTRACE_DEFAULT regular smack ptrace rules (/proc based)
* SMACK_PTRACE_EXACT labels must match, but can be overriden with * SMACK_PTRACE_EXACT labels must match, but can be overriden with
* CAP_SYS_PTRACE * CAP_SYS_PTRACE
* SMACK_PTRACE_DRACONIAN lables must match, CAP_SYS_PTRACE has no effect * SMACK_PTRACE_DRACONIAN labels must match, CAP_SYS_PTRACE has no effect
*/ */
int smack_ptrace_rule = SMACK_PTRACE_DEFAULT; int smack_ptrace_rule = SMACK_PTRACE_DEFAULT;
...@@ -896,7 +896,7 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf, ...@@ -896,7 +896,7 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
} }
ret = sscanf(rule, "%d", &catlen); ret = sscanf(rule, "%d", &catlen);
if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM) if (ret != 1 || catlen < 0 || catlen > SMACK_CIPSO_MAXCATNUM)
goto out; goto out;
if (format == SMK_FIXED24_FMT && if (format == SMK_FIXED24_FMT &&
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment