[PATCH] security/smack/smack.h: Fix smk_known length

[PATCH] security/smack/smack.h: Fix smk_known length

[wzt wzt]

in security/smack/smack.h:
struct smack_known {
        struct list_head        list;
        char                    smk_known[SMK_LABELLEN];
but in security/smack/smack_access.c
void smack_from_cipso(u32 level, char *cp, char *result)
{
        strncpy(result, final, SMK_MAXLEN);
}
miss '\0'.

Signed-off-by: wzt <wzt.wzt@gmail.com>
Cc: Jmorris <jmorris@namei.org>

diff --git a/security/smack/smack.h b/security/smack/smack.h
index c6e9aca..600474b 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -109,7 +109,7 @@ struct smk_netlbladdr {
  */
 struct smack_known {
        struct list_head        list;
-       char                    smk_known[SMK_LABELLEN];
+       char                    smk_known[SMK_LABELLEN + 1]; /*
smk_known + \0 */
        u32                     smk_secid;
        struct smack_cipso      *smk_cipso;
        spinlock_t              smk_cipsolock; /* for changing cipso map */

Re: [PATCH] security/smack/smack.h: Fix smk_known length

[James Morris]

(note: please copy security/ patches to the LSM list, cc'd, along with the 
Smack maintainer).


On Mon, 8 Feb 2010, wzt wzt wrote:

> in security/smack/smack.h:
> struct smack_known {
>         struct list_head        list;
>         char                    smk_known[SMK_LABELLEN];
> but in security/smack/smack_access.c
> void smack_from_cipso(u32 level, char *cp, char *result)
> {
>         strncpy(result, final, SMK_MAXLEN);
> }
> miss '\0'.
> 
> Signed-off-by: wzt <wzt.wzt@gmail.com>
> Cc: Jmorris <jmorris@namei.org>
> 
> diff --git a/security/smack/smack.h b/security/smack/smack.h
> index c6e9aca..600474b 100644
> --- a/security/smack/smack.h
> +++ b/security/smack/smack.h
> @@ -109,7 +109,7 @@ struct smk_netlbladdr {
>   */
>  struct smack_known {
>         struct list_head        list;
> -       char                    smk_known[SMK_LABELLEN];
> +       char                    smk_known[SMK_LABELLEN + 1]; /*
> smk_known + \0 */
>         u32                     smk_secid;
>         struct smack_cipso      *smk_cipso;
>         spinlock_t              smk_cipsolock; /* for changing cipso map */
> 

-- 
James Morris
<jmorris@namei.org>

Re: [PATCH] security/smack/smack.h: Fix smk_known length

[Casey Schaufler]

James Morris wrote:
> (note: please copy security/ patches to the LSM list, cc'd, along with the 
> Smack maintainer).
>
>
> On Mon, 8 Feb 2010, wzt wzt wrote:
>
>   
>> in security/smack/smack.h:
>> struct smack_known {
>>         struct list_head        list;
>>         char                    smk_known[SMK_LABELLEN];
>> but in security/smack/smack_access.c
>> void smack_from_cipso(u32 level, char *cp, char *result)
>> {
>>         strncpy(result, final, SMK_MAXLEN);
>> }
>> miss '\0'.
>>
>> Signed-off-by: wzt <wzt.wzt@gmail.com>
>> Cc: Jmorris <jmorris@namei.org>
>>
>> diff --git a/security/smack/smack.h b/security/smack/smack.h
>> index c6e9aca..600474b 100644
>> --- a/security/smack/smack.h
>> +++ b/security/smack/smack.h
>> @@ -109,7 +109,7 @@ struct smk_netlbladdr {
>>   */
>>  struct smack_known {
>>         struct list_head        list;
>> -       char                    smk_known[SMK_LABELLEN];
>> +       char                    smk_known[SMK_LABELLEN + 1]; /*
>> smk_known + \0 */
>>     

SMK_LABELLEN is already SMK_MAXLEN+1. That's why the strncpy() above
uses SMK_MAXLEN, so that maximum copied will be SMK_MAXLEN+1, including
the trailing '\0'. The only possible case it could miss would be a
label that is SMK_LABELLEN (24 bytes) long, and that would be an error
because Smack labels are limited to SMK_MAXLEN (23 bytes) plus the
trailing '\0'. The strncpy() could easily be strcpy(), as only labels
that have been imported or hand crafted in the code will be in "from".


>>         u32                     smk_secid;
>>         struct smack_cipso      *smk_cipso;
>>         spinlock_t              smk_cipsolock; /* for changing cipso map */
>>
>>