Commit 825a12f0 authored Jul 06, 2023 by Dan Carpenter Committed by Greg Kroah-Hartman Sep 23, 2023

smackfs: Prevent underflow in smk_set_cipso()



[ Upstream commit 3ad49d37cf5759c3b8b68d02e3563f633d9c1aee ]

There is a upper bound to "catlen" but no lower bound to prevent
negatives.  I don't see that this necessarily causes a problem but we
may as well be safe.

Fixes: e114e473 ("Smack: Simplified Mandatory Access Control Kernel")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 7fc11a83

security/smack/smackfs.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -923,7 +923,7 @@ static ssize_t smk_set_cipso(struct file file, const char __user buf,
		}

		ret = sscanf(rule, "%d", &catlen);
		if (ret != 1 \|\| catlen > SMACK_CIPSO_MAXCATNUM)
		if (ret != 1 \|\| catlen < 0 \|\| catlen > SMACK_CIPSO_MAXCATNUM)
		goto out;

		if (format == SMK_FIXED24_FMT &&