summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2023-08-30 09:28:07 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2023-08-30 09:28:07 -0700
commit872459663c52f5e8a28c0cb6df08b77d6c24ab46 (patch)
treee94f230fd46d7c93ffdc632055bfd8ec9bc14e33 /security
parent1a35914f738c564060a14388f52a06669b09e0b3 (diff)
parent3ad49d37cf5759c3b8b68d02e3563f633d9c1aee (diff)
Merge tag 'Smack-for-6.6' of https://github.com/cschaufler/smack-next
Pull smack updates from Casey Schaufler: "Two minor fixes: is a simple spelling fix. The other is a bounds check for a very likely underflow" * tag 'Smack-for-6.6' of https://github.com/cschaufler/smack-next: smackfs: Prevent underflow in smk_set_cipso() security: smack: smackfs: fix typo (lables->labels)
Diffstat (limited to 'security')
-rw-r--r--security/smack/smackfs.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 5590eaad241b..e22aad7604e8 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -114,7 +114,7 @@ struct smack_known *smack_syslog_label;
* SMACK_PTRACE_DEFAULT regular smack ptrace rules (/proc based)
* SMACK_PTRACE_EXACT labels must match, but can be overriden with
* CAP_SYS_PTRACE
- * SMACK_PTRACE_DRACONIAN lables must match, CAP_SYS_PTRACE has no effect
+ * SMACK_PTRACE_DRACONIAN labels must match, CAP_SYS_PTRACE has no effect
*/
int smack_ptrace_rule = SMACK_PTRACE_DEFAULT;
@@ -896,7 +896,7 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
}
ret = sscanf(rule, "%d", &catlen);
- if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
+ if (ret != 1 || catlen < 0 || catlen > SMACK_CIPSO_MAXCATNUM)
goto out;
if (format == SMK_FIXED24_FMT &&