Smack: handle zero-length security labels without panic (b862e561) · Commits · 戴 / test

Zero-length security labels are invalid but kernel should handle them. This patch fixes kernel panic after setting zero-length security labels: # attr -S -s "SMACK64" -V "" file And after writing zero-length string into smackfs files syslog and onlycp: # python -c 'import os; os.write(1, "")' > /smack/syslog The problem is caused by brain-damaged logic in function smk_parse_smack() which takes pointer to buffer and its length but if length below or equal zero it thinks that the buffer is zero-terminated. Unfortunately callers of this function are widely used and proper fix requires serious refactoring. Signed-off-by:

Konstantin Khlebnikov <k.khlebnikov@samsung.com>

security/smack/smack_lsm.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -923,7 +923,7 @@ static int smack_inode_setxattr(struct dentry dentry, const char name,
		rc = -EPERM;

		if (rc == 0 && check_import) {
		skp = smk_import_entry(value, size);
		skp = size ? smk_import_entry(value, size) : NULL;
		if (skp == NULL \|\| (check_star &&
		(skp == &smack_known_star \|\| skp == &smack_known_web)))
		rc = -EINVAL;

security/smack/smackfs.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1677,7 +1677,7 @@ static ssize_t smk_write_onlycap(struct file file, const char __user buf,
		if (smack_onlycap != NULL && smack_onlycap != skp)
		return -EPERM;

		data = kzalloc(count, GFP_KERNEL);
		data = kzalloc(count + 1, GFP_KERNEL);
		if (data == NULL)
		return -ENOMEM;

		@@ -2228,7 +2228,7 @@ static ssize_t smk_write_syslog(struct file file, const char __user buf,
		if (!smack_privileged(CAP_MAC_ADMIN))
		return -EPERM;

		data = kzalloc(count, GFP_KERNEL);
		data = kzalloc(count + 1, GFP_KERNEL);
		if (data == NULL)
		return -ENOMEM;

Admin message