Merge tag 'Smack-for-5.9' of git://github.com/cschaufler/smack-next

[sfrench/cifs-2.6.git] / security / smack / smackfs.c

diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index c21b656b32631e1be2d95e2f72c143da73a746ea..9c4308077574c1cebd3690a4e98bbebb4e201fd5 100644 (file)
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -884,7 +884,7 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
        }
 
        ret = sscanf(rule, "%d", &maplevel);
-       if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL)
+       if (ret != 1 || maplevel < 0 || maplevel > SMACK_CIPSO_MAXLEVEL)
                goto out;
 
        rule += SMK_DIGITLEN;
@@ -905,6 +905,10 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
 
        for (i = 0; i < catlen; i++) {
                rule += SMK_DIGITLEN;
+               if (rule > data + count) {
+                       rc = -EOVERFLOW;
+                       goto out;
+               }
                ret = sscanf(rule, "%u", &cat);
                if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM)
                        goto out;
@@ -2720,7 +2724,6 @@ static int smk_open_relabel_self(struct inode *inode, struct file *file)
 static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf,
                                size_t count, loff_t *ppos)
 {
-       struct task_smack *tsp = smack_cred(current_cred());
        char *data;
        int rc;
        LIST_HEAD(list_tmp);
@@ -2745,11 +2748,21 @@ static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf,
        kfree(data);
 
        if (!rc || (rc == -EINVAL && list_empty(&list_tmp))) {
+               struct cred *new;
+               struct task_smack *tsp;
+
+               new = prepare_creds();
+               if (!new) {
+                       rc = -ENOMEM;
+                       goto out;
+               }
+               tsp = smack_cred(new);
                smk_destroy_label_list(&tsp->smk_relabel);
                list_splice(&list_tmp, &tsp->smk_relabel);
+               commit_creds(new);
                return count;
        }
-
+out:
        smk_destroy_label_list(&list_tmp);
        return rc;
 }