Zero-length security labels are invalid but kernel should handle them.
This patch fixes kernel panic after setting zero-length security labels:
And after writing zero-length string into smackfs files syslog and onlycp:
The problem is caused by brain-damaged logic in function smk_parse_smack()
which takes pointer to buffer and its length but if length below or equal zero
it thinks that the buffer is zero-terminated. Unfortunately callers of this
function are widely used and proper fix requires serious refactoring.
Change-Id: I931735ccfaea4d8d2f0a98eacf8467f0a8359bc6
Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
rc = -EPERM;
if (rc == 0 && check_import) {
- skp = smk_import_entry(value, size);
+ skp = size ? smk_import_entry(value, size) : NULL;
if (skp == NULL || (check_star &&
(skp == &smack_known_star || skp == &smack_known_web)))
rc = -EINVAL;
if (smack_onlycap != NULL && smack_onlycap != skp)
return -EPERM;
- data = kzalloc(count, GFP_KERNEL);
+ data = kzalloc(count + 1, GFP_KERNEL);
if (data == NULL)
return -ENOMEM;
if (!smack_privileged(CAP_MAC_ADMIN))
return -EPERM;
- data = kzalloc(count, GFP_KERNEL);
+ data = kzalloc(count + 1, GFP_KERNEL);
if (data == NULL)
return -ENOMEM;
projects / profile / common / kernel-common.git / commitdiff