Re: [PATCH] smack:beyond ARRAY_SIZE of data

[Roel Kluin]

Do not go beyond ARRAY_SIZE of data

Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx>
---
>> -	if (count < SMK_NETLBLADDRMIN || count > SMK_NETLBLADDRMAX)
>> +	if (count < SMK_NETLBLADDRMIN || count >= SMK_NETLBLADDRMAX)
>>   
> 
> There is a problem here, but this won't fix it. The buffer needs to be
> allocated bigger than the potential contents (should be
> SMK_NETLBLADDRMAX + 1 instead of SMK_NETLBLADDRMAX. Your patch will clip
> the last byte off of a maximum length specification.

Ok, how about this?

diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index e03a7e1..10a4604 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -775,7 +775,7 @@ static ssize_t smk_write_netlbladdr(struct file *file, const char __user *buf,
 	struct sockaddr_in newname;
 	char smack[SMK_LABELLEN];
 	char *sp;
-	char data[SMK_NETLBLADDRMAX];
+	char data[SMK_NETLBLADDRMAX + 1];
 	char *host = (char *)&newname.sin_addr.s_addr;
 	int rc;
 	struct netlbl_audit audit_info;

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/