#include <limits.h>
#include <sys/xattr.h>
+#define SHORT_LABEL_LEN 23
#define ACC_LEN 5
#define LOAD_LEN (2 * (SMACK_LABEL_LEN + 1) + 2 * ACC_LEN + 1)
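Review bot: `SHORT_LABEL_LEN` is added with no comment on what the 23 bounds or how it relates to `SMACK_LABEL_LEN`, which `LOAD_LEN` on the line below still uses for buffer sizing. Judging by the later hunk, it is the longest label that may be written with `KERNEL_SHORT_FORMAT`. A comment above the define such as `/* longest label, terminator not counted, that the short kernel rule format can carry */` would record that. Whether the terminator is counted depends on what `get_label` returns, which is not visible here, so the wording should be checked against it.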
struct smack_rule {
char subject[SMACK_LABEL_LEN + 1];
char object[SMACK_LABEL_LEN + 1];
+ int subject_len;
+ int object_len;
int allow_code;
int deny_code;
struct smack_rule *next;
if (rule == NULL)
return -1;
- if (get_label(rule->subject, subject) < 0 ||
- get_label(rule->object, object) < 0) {
+ rule->subject_len = get_label(rule->subject, subject);
+ rule->object_len = get_label(rule->object, object);
+ if (rule->subject_len < 0 || rule->object_len < 0) {
free(rule);
return -1;
}
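Review bot: The short-format guard added later trusts `rule->subject_len` and `rule->object_len`, but they are set by three hand-copied lines here and again in the next hunk (the `rule->subject_len = get_label(...)` block repeated in the second function). Any other path that fills `rule->subject` or `rule->object` without also setting the lengths would leave them stale or zero, and the `> SHORT_LABEL_LEN` check would pass for an over-long label. A small static helper that takes the rule plus both input labels, sets both buffers and both lengths, and returns -1 on failure would keep the two call sites in sync. The helper should also document that the lengths are whatever `get_label` returns, which is presumably the label length without the terminator. The enclosing function starts and ends outside this hunk.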
if (rule == NULL)
return -1;
- if (get_label(rule->subject, subject) < 0 ||
- get_label(rule->object, object) < 0) {
+ rule->subject_len = get_label(rule->subject, subject);
+ rule->object_len = get_label(rule->object, object);
+ if (rule->subject_len < 0 || rule->object_len < 0) {
free(rule);
return -1;
}
ret = snprintf(buf, LOAD_LEN + 1, KERNEL_LONG_FORMAT,
rule->subject, rule->object,
allow_str);
- else
+ else {
+ if (rule->subject_len > SHORT_LABEL_LEN ||
+ rule->object_len > SHORT_LABEL_LEN) {
+ ret = -1;
+ goto err_out;
+ }
+
ret = snprintf(buf, LOAD_LEN + 1, KERNEL_SHORT_FORMAT,
rule->subject, rule->object,
allow_str);
+ }
}
if (ret < 0) {
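Review bot: The new `SHORT_LABEL_LEN` check in the `else` branch rejects an over-long label only when the rule is about to be formatted, and it fails with a bare `ret = -1; goto err_out;`. If this runs inside the per-rule write loop, as the `goto` suggests, rules written before the offending one stay loaded in the kernel and the access policy is left partially applied. Because the lengths are now cached on each rule, the list could be checked in one pass before the first write when the short format is selected. Setting an error code before the jump, for example `errno = EINVAL;` if that matches how the rest of the file reports failures, would also let callers tell a label-length rejection from an I/O error. The loop and the `err_out` label are outside this hunk, so the partial-load concern should be confirmed against the full function.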