diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2023-08-30 09:28:07 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2023-08-30 09:28:07 -0700 |
| commit | 872459663c52f5e8a28c0cb6df08b77d6c24ab46 (patch) | |
| tree | e94f230fd46d7c93ffdc632055bfd8ec9bc14e33 /security | |
| parent | 1a35914f738c564060a14388f52a06669b09e0b3 (diff) | |
| parent | 3ad49d37cf5759c3b8b68d02e3563f633d9c1aee (diff) | |
Merge tag 'Smack-for-6.6' of https://github.com/cschaufler/smack-next
Pull smack updates from Casey Schaufler:
"Two minor fixes: is a simple spelling fix. The other is a bounds check
for a very likely underflow"
* tag 'Smack-for-6.6' of https://github.com/cschaufler/smack-next:
smackfs: Prevent underflow in smk_set_cipso()
security: smack: smackfs: fix typo (lables->labels)
Diffstat (limited to 'security')
| -rw-r--r-- | security/smack/smackfs.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 5590eaad241b..e22aad7604e8 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -114,7 +114,7 @@ struct smack_known *smack_syslog_label; * SMACK_PTRACE_DEFAULT regular smack ptrace rules (/proc based) * SMACK_PTRACE_EXACT labels must match, but can be overriden with * CAP_SYS_PTRACE - * SMACK_PTRACE_DRACONIAN lables must match, CAP_SYS_PTRACE has no effect + * SMACK_PTRACE_DRACONIAN labels must match, CAP_SYS_PTRACE has no effect */ int smack_ptrace_rule = SMACK_PTRACE_DEFAULT; @@ -896,7 +896,7 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf, } ret = sscanf(rule, "%d", &catlen); - if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM) + if (ret != 1 || catlen < 0 || catlen > SMACK_CIPSO_MAXCATNUM) goto out; if (format == SMK_FIXED24_FMT && |