Re: [PATCH] smack:beyond ARRAY_SIZE of data
From: Roel Kluin
Date: Thu May 21 2009 - 12:43:13 EST
Do not go beyond ARRAY_SIZE of data
Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx>
---
>> - if (count < SMK_NETLBLADDRMIN || count > SMK_NETLBLADDRMAX)
>> + if (count < SMK_NETLBLADDRMIN || count >= SMK_NETLBLADDRMAX)
>>
>
> There is a problem here, but this won't fix it. The buffer needs to be
> allocated bigger than the potential contents (should be
> SMK_NETLBLADDRMAX + 1 instead of SMK_NETLBLADDRMAX. Your patch will clip
> the last byte off of a maximum length specification.
Ok, how about this?
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index e03a7e1..10a4604 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -775,7 +775,7 @@ static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf,
struct sockaddr_in newname;
char smack[SMK_LABELLEN];
char *sp;
- char data[SMK_NETLBLADDRMAX];
+ char data[SMK_NETLBLADDRMAX + 1];
char *host = (char *)&newname.sin_addr.s_addr;
int rc;
struct netlbl_audit audit_info;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/