selinuxfs snprintf() misuses (cc1dad71) · Commits · e / devices / android_kernel_teracube_2e

security/selinux/selinuxfs.c

+7 −29

Original line number	Diff line number	Diff line
		@@ -1259,12 +1259,8 @@ static int sel_make_bools(void)
		if (!inode)
		goto out;

		ret = -EINVAL;
		len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
		if (len < 0)
		goto out;

		ret = -ENAMETOOLONG;
		len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
		if (len >= PAGE_SIZE)
		goto out;

		@@ -1557,19 +1553,10 @@ static inline u32 sel_ino_to_perm(unsigned long ino)
		static ssize_t sel_read_class(struct file file, char __user buf,
		size_t count, loff_t *ppos)
		{
		ssize_t rc, len;
		char *page;
		unsigned long ino = file->f_path.dentry->d_inode->i_ino;

		page = (char *)__get_free_page(GFP_KERNEL);
		if (!page)
		return -ENOMEM;

		len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_class(ino));
		rc = simple_read_from_buffer(buf, count, ppos, page, len);
		free_page((unsigned long)page);

		return rc;
		char res[TMPBUFLEN];
		ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino));
		return simple_read_from_buffer(buf, count, ppos, res, len);
		}

		static const struct file_operations sel_class_ops = {
		@@ -1580,19 +1567,10 @@ static const struct file_operations sel_class_ops = {
		static ssize_t sel_read_perm(struct file file, char __user buf,
		size_t count, loff_t *ppos)
		{
		ssize_t rc, len;
		char *page;
		unsigned long ino = file->f_path.dentry->d_inode->i_ino;

		page = (char *)__get_free_page(GFP_KERNEL);
		if (!page)
		return -ENOMEM;

		len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_perm(ino));
		rc = simple_read_from_buffer(buf, count, ppos, page, len);
		free_page((unsigned long)page);

		return rc;
		char res[TMPBUFLEN];
		ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino));
		return simple_read_from_buffer(buf, count, ppos, res, len);
		}

		static const struct file_operations sel_perm_ops = {