From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2943B3D5667; Mon, 4 May 2026 14:12:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777903931; cv=none; b=lzGhoL1gyRPEgA43EM+H0p1IqLfec1f/WLLgZxBnxKX0n0/QFQoVkYiH1KYpNAz8/Dmyr6V20Q9cEYIJKbuxDzmGQtPQsThp38F1D/QIP4rxPuvt/gCm0yzYbB5tlM1qEhvXgoPjGHYLY6JK0AZvBhKHAZcU3G9lUSfntX6kNic= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1777903931; c=relaxed/simple; bh=ye9jS2kGX9HVlNBwTys+ZnW/Z4fCNsvXd3eQtBKDI7Q=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=TBZPT3lflzmDbORf002N7oSsDzVONGiMB1D/abZvbEYnbwsdHQr9y8uIYOQAWRC870qMGRrcRIjXI1F9ScQeDR1MgVjyqCceSJ/1Ko0I7BGS7XGsNhektrhsCsMd7ibbrlE4rFGGvBAWRTLI7QTZ16DlpbWP0qzqmv2J2ssElOQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=aPyfpu7T; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="aPyfpu7T" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6BC91C2BCB8; Mon, 4 May 2026 14:12:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1777903930; bh=ye9jS2kGX9HVlNBwTys+ZnW/Z4fCNsvXd3eQtBKDI7Q=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aPyfpu7TQqfdFzaG8gdMqldQhf1ELWw/IFpAbN637RDeES0p86pBpirrZW3JfpDZD RDVAXJotxiXUnKXxpFoc1q7NHy3GAeSTDBkrCNFaUKjj3raZU0zX1Kys9gfU4h0v7t vl5djmQYdDoneoAL5w4DQvOSZRn+E01sykgyhEM0= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, =?UTF-8?q?G=C3=BCnther=20Noack?= , =?UTF-8?q?G=C3=BCnther=20Noack?= , =?UTF-8?q?Micka=C3=ABl=20Sala=C3=BCn?= Subject: [PATCH 6.18 090/275] selftests/landlock: Fix snprintf truncation checks in audit helpers Date: Mon, 4 May 2026 15:50:30 +0200 Message-ID: <20260504135146.263738784@linuxfoundation.org> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260504135142.929052779@linuxfoundation.org> References: <20260504135142.929052779@linuxfoundation.org> User-Agent: quilt/0.69 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 6.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Mickaël Salaün commit b566f7a4f0e4f15f78f2e5fac273fa954991e03a upstream. snprintf() returns the number of characters that would have been written, excluding the terminating NUL byte. When the output is truncated, this return value equals or exceeds the buffer size. Fix matches_log_domain_allocated() and matches_log_domain_deallocated() to detect truncation with ">=" instead of ">". Cc: Günther Noack Cc: stable@vger.kernel.org Fixes: 6a500b22971c ("selftests/landlock: Add tests for audit flags and domain IDs") Reviewed-by: Günther Noack Link: https://lore.kernel.org/r/20260402192608.1458252-2-mic@digikod.net Signed-off-by: Mickaël Salaün Signed-off-by: Greg Kroah-Hartman --- tools/testing/selftests/landlock/audit.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/tools/testing/selftests/landlock/audit.h +++ b/tools/testing/selftests/landlock/audit.h @@ -309,7 +309,7 @@ static int __maybe_unused matches_log_do log_match_len = snprintf(log_match, sizeof(log_match), log_template, pid); - if (log_match_len > sizeof(log_match)) + if (log_match_len >= sizeof(log_match)) return -E2BIG; return audit_match_record(audit_fd, AUDIT_LANDLOCK_DOMAIN, log_match, @@ -326,7 +326,7 @@ static int __maybe_unused matches_log_do log_match_len = snprintf(log_match, sizeof(log_match), log_template, num_denials); - if (log_match_len > sizeof(log_match)) + if (log_match_len >= sizeof(log_match)) return -E2BIG; return audit_match_record(audit_fd, AUDIT_LANDLOCK_DOMAIN, log_match,