projects / platform / kernel / linux-rpi3.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1a28979)
smack: fix logic in smack_inode_init_security function
authorLukasz Pawelczyk <l.pawelczyk@samsung.com>
Wed, 26 Nov 2014 14:31:07 +0000 (15:31 +0100)
committerCasey Schaufler <casey@schaufler-ca.com>
Mon, 19 Jan 2015 17:18:11 +0000 (09:18 -0800)
In principle if this function was called with "value" == NULL and "len"
not NULL it could return different results for the "len" compared to a
case where "name" was not NULL. This is a hypothetical case that does
not exist in the kernel, but it's a logic bug nonetheless.

Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
security/smack/smack_lsm.c patch | blob | history

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index dcfaddd..048d92e 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -800,7 +800,7 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
        if (name)
                *name = XATTR_SMACK_SUFFIX;
 
-       if (value) {
+       if (value && len) {
                rcu_read_lock();
                may = smk_access_entry(skp->smk_known, dsp->smk_known,
                                       &skp->smk_rules);
@@ -821,10 +821,9 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
                *value = kstrdup(isp->smk_known, GFP_NOFS);
                if (*value == NULL)
                        return -ENOMEM;
-       }
 
-       if (len)
                *len = strlen(isp->smk_known);
+       }
 
        return 0;
 }
Domain: System / Kernel; Licenses: GPL-2.0;