smack: off by one error
Consider the input case of a rule that consists entirely of non space symbols followed by a \0. Say 64 + \0 In this case strlen(data) = 64 kzalloc of subject and object are 64 byte objects sscanfdata, "%s %s %s", subject, ...) will put 65 bytes into subject. Signed-off-by: Alan Cox <alan@linux.intel.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Cc: stable@vger.kernel.org Signed-off-by: James Morris <james.l.morris@oracle.com>
This commit is contained in:
parent
f7da9cdf45
commit
3b9fc37280
1 changed files with 4 additions and 4 deletions
|
@ -323,11 +323,11 @@ static int smk_parse_long_rule(const char *data, struct smack_rule *rule,
|
|||
int datalen;
|
||||
int rc = -1;
|
||||
|
||||
/*
|
||||
* This is probably inefficient, but safe.
|
||||
*/
|
||||
/* This is inefficient */
|
||||
datalen = strlen(data);
|
||||
subject = kzalloc(datalen, GFP_KERNEL);
|
||||
|
||||
/* Our first element can be 64 + \0 with no spaces */
|
||||
subject = kzalloc(datalen + 1, GFP_KERNEL);
|
||||
if (subject == NULL)
|
||||
return -1;
|
||||
object = kzalloc(datalen, GFP_KERNEL);
|
||||
|
|
Loading…
Reference in a new issue