git.samba.org / sfrench / cifs-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Smack: fix another vsscanf out of bounds
[sfrench/cifs-2.6.git] / security / smack / smackfs.c
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 840a192e93370d4fd11e1c11a70efa20c533fc61..2bae1fc493d163c81dce33b55cef432939b13718 100644 (file)
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -905,6 +905,10 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
 
        for (i = 0; i < catlen; i++) {
                rule += SMK_DIGITLEN;
+               if (rule > data + count) {
+                       rc = -EOVERFLOW;
+                       goto out;
+               }
                ret = sscanf(rule, "%u", &cat);
                if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM)
                        goto out;
Unnamed repository; edit this file 'description' to name the repository.