[PATCH] security/smack/smack.h: Fix smk

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] security/smack/smack.h: Fix smk_known length
@ 2010-02-08 11:41 wzt wzt
  2010-02-08 21:28 ` James Morris
  0 siblings, 1 reply; 3+ messages in thread
From: wzt wzt @ 2010-02-08 11:41 UTC (permalink / raw)
  To: linux-kernel; +Cc: jmorris

in security/smack/smack.h:
struct smack_known {
        struct list_head        list;
        char                    smk_known[SMK_LABELLEN];
but in security/smack/smack_access.c
void smack_from_cipso(u32 level, char *cp, char *result)
{
        strncpy(result, final, SMK_MAXLEN);
}
miss '\0'.

Signed-off-by: wzt <wzt.wzt@gmail.com>
Cc: Jmorris <jmorris@namei.org>

diff --git a/security/smack/smack.h b/security/smack/smack.h
index c6e9aca..600474b 100644
--- a/security/smack/smack.h
+++ b/security/smack/smack.h
@@ -109,7 +109,7 @@ struct smk_netlbladdr {
  */
 struct smack_known {
        struct list_head        list;
-       char                    smk_known[SMK_LABELLEN];
+       char                    smk_known[SMK_LABELLEN + 1]; /*
smk_known + \0 */
        u32                     smk_secid;
        struct smack_cipso      *smk_cipso;
        spinlock_t              smk_cipsolock; /* for changing cipso map */

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] security/smack/smack.h: Fix smk_known length
  2010-02-08 11:41 [PATCH] security/smack/smack.h: Fix smk_known length wzt wzt
@ 2010-02-08 21:28 ` James Morris
  2010-02-09  3:14   ` Casey Schaufler
  0 siblings, 1 reply; 3+ messages in thread
From: James Morris @ 2010-02-08 21:28 UTC (permalink / raw)
  To: wzt wzt; +Cc: linux-kernel, linux-security-module, Casey Schaufler

(note: please copy security/ patches to the LSM list, cc'd, along with the 
Smack maintainer).


On Mon, 8 Feb 2010, wzt wzt wrote:

> in security/smack/smack.h:
> struct smack_known {
>         struct list_head        list;
>         char                    smk_known[SMK_LABELLEN];
> but in security/smack/smack_access.c
> void smack_from_cipso(u32 level, char *cp, char *result)
> {
>         strncpy(result, final, SMK_MAXLEN);
> }
> miss '\0'.
> 
> Signed-off-by: wzt <wzt.wzt@gmail.com>
> Cc: Jmorris <jmorris@namei.org>
> 
> diff --git a/security/smack/smack.h b/security/smack/smack.h
> index c6e9aca..600474b 100644
> --- a/security/smack/smack.h
> +++ b/security/smack/smack.h
> @@ -109,7 +109,7 @@ struct smk_netlbladdr {
>   */
>  struct smack_known {
>         struct list_head        list;
> -       char                    smk_known[SMK_LABELLEN];
> +       char                    smk_known[SMK_LABELLEN + 1]; /*
> smk_known + \0 */
>         u32                     smk_secid;
>         struct smack_cipso      *smk_cipso;
>         spinlock_t              smk_cipsolock; /* for changing cipso map */
> 

-- 
James Morris
<jmorris@namei.org>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] security/smack/smack.h: Fix smk_known length
  2010-02-08 21:28 ` James Morris
@ 2010-02-09  3:14   ` Casey Schaufler
  0 siblings, 0 replies; 3+ messages in thread
From: Casey Schaufler @ 2010-02-09  3:14 UTC (permalink / raw)
  To: James Morris; +Cc: wzt wzt, linux-kernel, linux-security-module

James Morris wrote:
> (note: please copy security/ patches to the LSM list, cc'd, along with the 
> Smack maintainer).
>
>
> On Mon, 8 Feb 2010, wzt wzt wrote:
>
>   
>> in security/smack/smack.h:
>> struct smack_known {
>>         struct list_head        list;
>>         char                    smk_known[SMK_LABELLEN];
>> but in security/smack/smack_access.c
>> void smack_from_cipso(u32 level, char *cp, char *result)
>> {
>>         strncpy(result, final, SMK_MAXLEN);
>> }
>> miss '\0'.
>>
>> Signed-off-by: wzt <wzt.wzt@gmail.com>
>> Cc: Jmorris <jmorris@namei.org>
>>
>> diff --git a/security/smack/smack.h b/security/smack/smack.h
>> index c6e9aca..600474b 100644
>> --- a/security/smack/smack.h
>> +++ b/security/smack/smack.h
>> @@ -109,7 +109,7 @@ struct smk_netlbladdr {
>>   */
>>  struct smack_known {
>>         struct list_head        list;
>> -       char                    smk_known[SMK_LABELLEN];
>> +       char                    smk_known[SMK_LABELLEN + 1]; /*
>> smk_known + \0 */
>>     

SMK_LABELLEN is already SMK_MAXLEN+1. That's why the strncpy() above
uses SMK_MAXLEN, so that maximum copied will be SMK_MAXLEN+1, including
the trailing '\0'. The only possible case it could miss would be a
label that is SMK_LABELLEN (24 bytes) long, and that would be an error
because Smack labels are limited to SMK_MAXLEN (23 bytes) plus the
trailing '\0'. The strncpy() could easily be strcpy(), as only labels
that have been imported or hand crafted in the code will be in "from".


>>         u32                     smk_secid;
>>         struct smack_cipso      *smk_cipso;
>>         spinlock_t              smk_cipsolock; /* for changing cipso map */
>>
>>     



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2010-02-09  3:14 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-02-08 11:41 [PATCH] security/smack/smack.h: Fix smk_known length wzt wzt
2010-02-08 21:28 ` James Morris
2010-02-09  3:14   ` Casey Schaufler

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox