From 3d14d8d2d0c5b6fa02d592376b9b04ac7b7f6ab4 Mon Sep 17 00:00:00 2001
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Date: Tue, 8 Oct 2013 16:17:23 +0300
Subject: [PATCH] Fix: allow CIPSO labels with zero categories

There was false restriction in smack_cipso_add_from_file() that
disallowed CIPSO labels without categories.

For example, this example given in the SMACK kernel documentation
should be perfectly legal:

TopSecret 7
(cherry picked from commit 4e4ea9142727ca7f14bf1d64cd81949b28bb1d0b)
---
 libsmack/libsmack.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsmack/libsmack.c b/libsmack/libsmack.c
index ac58dd2..1adc68e 100644
--- a/libsmack/libsmack.c
+++ b/libsmack/libsmack.c
@@ -437,7 +437,7 @@ int smack_cipso_add_from_file(struct smack_cipso *cipso, int fd)
 		label = strtok_r(buf, " \t\n", &ptr);
 		level = strtok_r(NULL, " \t\n", &ptr);
 		cat = strtok_r(NULL, " \t\n", &ptr);
-		if (label == NULL || cat == NULL || level == NULL ||
+		if (label == NULL || level == NULL ||
 		    strlen(label) > SMACK_LABEL_LEN) {
 			errno = EINVAL;
 			goto err_out;
-- 
2.7.4