On 8/7/2012 3:24 PM, Greg Kroah-Hartman wrote: > From: Greg KH <gre...@linuxfoundation.org> > > 3.5-stable review patch. If anyone has any objections, please let me know.
No objection here. > > ------------------ > > From: Alan Cox <a...@linux.intel.com> > > commit 3b9fc37280c521b086943f9aedda767f5bf3b2d3 upstream. > > Consider the input case of a rule that consists entirely of non space > symbols followed by a \0. Say 64 + \0 > > In this case strlen(data) = 64 > kzalloc of subject and object are 64 byte objects > sscanfdata, "%s %s %s", subject, ...) > > will put 65 bytes into subject. > > Signed-off-by: Alan Cox <a...@linux.intel.com> > Acked-by: Casey Schaufler <ca...@schaufler-ca.com> > Signed-off-by: James Morris <james.l.mor...@oracle.com> > Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> > > --- > security/smack/smackfs.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > --- a/security/smack/smackfs.c > +++ b/security/smack/smackfs.c > @@ -325,11 +325,11 @@ static int smk_parse_long_rule(const cha > int datalen; > int rc = -1; > > - /* > - * This is probably inefficient, but safe. > - */ > + /* This is inefficient */ > datalen = strlen(data); > - subject = kzalloc(datalen, GFP_KERNEL); > + > + /* Our first element can be 64 + \0 with no spaces */ > + subject = kzalloc(datalen + 1, GFP_KERNEL); > if (subject == NULL) > return -1; > object = kzalloc(datalen, GFP_KERNEL); > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-kernel" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > Please read the FAQ at http://www.tux.org/lkml/ > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
