[PATCH 2/2] smack: fix logic in smack_inode_init_security function

From: Lukasz Pawelczyk
Date: Wed Nov 26 2014 - 09:31:48 EST


In principle if this function was called with "value" == NULL and "len"
not NULL it could return different results for the "len" compared to a
case where "name" was not NULL. This is a hypothetical case that does
not exist in the kernel, but it's a logic bug nonetheless.

Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@xxxxxxxxxxx>
---
security/smack/smack_lsm.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index d1b14d5..e8bed86 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -800,7 +800,7 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
if (name)
*name = XATTR_SMACK_SUFFIX;

- if (value) {
+ if (value && len) {
rcu_read_lock();
may = smk_access_entry(skp->smk_known, dsp->smk_known,
&skp->smk_rules);
@@ -821,10 +821,9 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
*value = kstrdup(isp->smk_known, GFP_NOFS);
if (*value == NULL)
return -ENOMEM;
- }

- if (len)
*len = strlen(isp->smk_known);
+ }

return 0;
}
--
1.9.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/