From 718de65db3d4f3772006fd2c98fe597f2faf078a Mon Sep 17 00:00:00 2001
From: Jarkko Sakkinen
Date: Sun, 1 Dec 2013 16:51:04 +0200
Subject: [PATCH] libsmack: check in accesses_apply() that rule has short labels
Check rule has short labels when only 'load' is available.
Signed-off-by: Jarkko Sakkinen
---
 libsmack/libsmack.c | 22 +++++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/libsmack/libsmack.c b/libsmack/libsmack.c
index 9116422..f7ce313 100644
--- a/libsmack/libsmack.c
+++ b/libsmack/libsmack.c
@@ -33,6 +33,7 @@
 #include
 #include
+#define SHORT_LABEL_LEN 23
 #define ACC_LEN 5
 #define LOAD_LEN (2 * (SMACK_LABEL_LEN + 1) + 2 * ACC_LEN + 1)
@@ -63,6 +64,8 @@ extern char *smackfs_mnt;
 struct smack_rule {
 char subject[SMACK_LABEL_LEN + 1];
 char object[SMACK_LABEL_LEN + 1];
+ int subject_len;
+ int object_len;
 int allow_code;
 int deny_code;
 struct smack_rule *next;
@@ -186,8 +189,9 @@ int smack_accesses_add(struct smack_accesses *handle, const char *subject,
 if (rule == NULL)
 return -1;
- if (get_label(rule->subject, subject) < 0 ||
- get_label(rule->object, object) < 0) {
+ rule->subject_len = get_label(rule->subject, subject);
+ rule->object_len = get_label(rule->object, object);
+ if (rule->subject_len < 0 || rule->object_len < 0) {
 free(rule);
 return -1;
 }
@@ -221,8 +225,9 @@ int smack_accesses_add_modify(struct smack_accesses *handle,
 if (rule == NULL)
 return -1;
- if (get_label(rule->subject, subject) < 0 ||
- get_label(rule->object, object) < 0) {
+ rule->subject_len = get_label(rule->subject, subject);
+ rule->object_len = get_label(rule->object, object);
+ if (rule->subject_len < 0 || rule->object_len < 0) {
 free(rule);
 return -1;
 }
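Review bot: `SHORT_LABEL_LEN` is introduced in the -33 hunk as a bare 23 with nothing saying where the limit comes from. Going by the commit message, a one-line comment above the define would do, e.g. `/* longest label accepted when only the 'load' interface is available */`. If KERNEL_SHORT_FORMAT (not visible in this patch) hard-codes the same field width, the comment should say so, so that the two values are changed together.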
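Review bot: The length check added in accesses_apply() depends entirely on these two assignments, and they exist only in smack_accesses_add() (hunk at -186) and smack_accesses_add_modify() (the identical hunk at -221). Any other path that builds a `struct smack_rule` would leave `subject_len`/`object_len` unset, and the later comparison against SHORT_LABEL_LEN would then read a zero or indeterminate value and let a long label through to the short format; whether such a path exists cannot be seen from this patch. The new fields in the -63 hunk also deserve a comment such as `/* label lengths as returned by get_label(); checked in accesses_apply() */`, because the code relies on get_label() returning the length on success, which is not shown here. Both function bodies begin and end outside their hunks.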
@@ -697,10 +702,17 @@ static int accesses_apply(struct smack_accesses *handle, int clear) ret = snprintf(buf, LOAD_LEN + 1, KERNEL_LONG_FORMAT, rule->subject, rule->object, allow_str); - else + else { + if (rule->subject_len > SHORT_LABEL_LEN || + rule->object_len > SHORT_LABEL_LEN) { + ret = -1; + goto err_out; + } + ret = snprintf(buf, LOAD_LEN + 1, KERNEL_SHORT_FORMAT, rule->subject, rule->object, allow_str); + } } if (ret < 0) { -- 2.7.4
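Review bot: The new `ret = -1; goto err_out;` rejects a long label only when that rule is reached, so if earlier rules of the same handle have already been written to the kernel, the caller is left with a partially applied rule set and a bare -1. The surrounding loop and the `err_out` label are outside the hunk, so this is inferred; if it holds, checking every rule against SHORT_LABEL_LEN before the first write would make the failure all-or-nothing. Setting `errno = EINVAL;` before the `goto` would also let callers tell this rejection apart from a write failure, provided err_out does not overwrite it. A short comment on the branch, e.g. `/* the short format is used here, so both labels must fit in SHORT_LABEL_LEN */`, would explain why the check sits only in the else arm.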