From patchwork Thu Jul 6 05:52:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Carpenter X-Patchwork-Id: 116520 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2344658vqx; Wed, 5 Jul 2023 23:12:36 -0700 (PDT) X-Google-Smtp-Source: APBJJlGaIA/82BJhB5d9tAtoFh8GPUZM+DGCVOsXh7A39dOJHjHKTWoXnjhq9G4wDLeCnIEALKqV X-Received: by 2002:a05:6a20:7484:b0:11f:33da:56ec with SMTP id p4-20020a056a20748400b0011f33da56ecmr958147pzd.27.1688623955779; Wed, 05 Jul 2023 23:12:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688623955; cv=none; d=google.com; s=arc-20160816; b=qsvszB3q6Xi6vyJaB+maHASi5kHYiaoaC8BVTE1x0fZEp9onDtW9+jNsDtdDY7uaJz FVOMiWmY/SBpZDK9dV/kVvYQNXdYBQYk06Yv4eQvE0/DJut4KaYAgopvysZIRQSIsejO ZMDklsA84HMCcg4Qxs2F3JkdllsivkbDk3OO2POZRwDa3PiPdn9TqFUMNoLhnuRRG6ry L2Ov4P30vm+N/O3asPA1Wy561y8kQsvhL5lyq6Rj1CVFDYcrT6MxJL/jr0GM0FZ2FeMb NqBoAPuCVM6WeRByfGfooo4tVd0FWf/ZSjd8ZAPdkPUtlqG8oQog1U6fYhxooOPx1I78 HkVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-disposition:mime-version:message-id :subject:cc:to:from:date:dkim-signature; bh=QmghjAxIZETM80Y4eowuI0+E6FG3YgixB48nOwNbm9o=; fh=JpGsDJr2RT/V31uL5ZsrFeZdUESe3rPVFybd/f6f0PA=; b=hIxhR/Jz03SJALAhTO2TUwUszx2SyXKz4xIPlsE60WO0js2GRxgoTP3o4xn+itbMx4 ZvJirTvBi9Ibp/jRnlIAAg9+Z6gIbA1mBd1pmK75v8INUeoPvyOUJUHhcU1fiPAE/1HG 3TBFbQP7aQGAagnv+TpTYm/GxAdYo1jX4bPmiGVS1YnwrZuK4qwKhGUq1Q6Pc5Fp57dg 7zl7x1zSQWmhBxindOw6uCYSFbL7+HpaDR0A0n4AiVXsg6VIq3B3kfHupsSp3/GmEsc6 5EV3iof9tJkdVde5g+PdjkwJP1llZjwljKFrjMnQOPEEPnTvFCqJ8FyYyRNbLe7W45vL 9BSQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="fijStf/B"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l13-20020a63570d000000b0053fee209655si763085pgb.664.2023.07.05.23.12.21; Wed, 05 Jul 2023 23:12:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="fijStf/B"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232730AbjGFFwt (ORCPT + 99 others); Thu, 6 Jul 2023 01:52:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33792 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232583AbjGFFwr (ORCPT ); Thu, 6 Jul 2023 01:52:47 -0400 Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D050A1732 for ; Wed, 5 Jul 2023 22:52:45 -0700 (PDT) Received: by mail-wr1-x42f.google.com with SMTP id ffacd0b85a97d-3144098df56so238204f8f.2 for ; Wed, 05 Jul 2023 22:52:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1688622764; x=1691214764; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :from:to:cc:subject:date:message-id:reply-to; bh=QmghjAxIZETM80Y4eowuI0+E6FG3YgixB48nOwNbm9o=; b=fijStf/B9+AaMmivN5Y7sR0r3hGVdHsGhuNl+G+aRAtLdP3jH3ZPz7/vkKqUWhe6Bk BP9VQUm/JxQBF2bob8wpUcm7qduGQNN/nKCXdc8azilpt5LbSK/PthyyqM6bGmUS1VQu x4nM4WX0jK3YD6uvsxZLAbAmTP0fBmfSTzYSqwcVkXBfJd5710+M3qUgX28cY4gtxKdH qGe5JAl1KOfNr5J2j7DrpN0RfoDG2gyihrYgIWTgLU5O7axu0UW3e8/tfUhwq+IcQz5n p1x956FfC5vuAWCcQrNq3/DEThZQWG9sU2z3dyS+MZJicozt8Amk+wpDUQozbnX/u+fc YAqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688622764; x=1691214764; h=content-disposition:mime-version:message-id:subject:cc:to:from:date :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=QmghjAxIZETM80Y4eowuI0+E6FG3YgixB48nOwNbm9o=; b=SBj9ildATE+LlU8LXm394syPGbPxHaFy2lHNJ+scETNcCtg8tpOEpS8+etLYTvwVkP B2neZ892Pp0/+dhMmZmY5fIqkX/MImmS8OV+SV8TLj2X0BZletaTYKQdc+GUyblSB8D+ c7WwtKTXBahrdn8EUB6NXLIRZ/0k4ZgOnC5qlQjR2A51UhuTxgxxKt1G/hvkA2pX2OqK YCrgQMFIEoLgBwDjh2zg4sZeHtewXdEGXXhfWIj3F0au2wqoNV4PAHo6innwFZTJXHCT M9YSXl88fQi93XE01wZ6FAUxEbT/LdDIgEQi6oSoMWSVJjTJWKfvWviv434ZeitVLWzT 7/Uw== X-Gm-Message-State: ABy/qLZOkJVJQOVbvoZVhJDpXac7PA+um/L7x7yyUZWQsbZWsJXyaKXw Il7iSEOfOpmiYrt4KBzcazO6rQ== X-Received: by 2002:adf:e28a:0:b0:314:521:ce0a with SMTP id v10-20020adfe28a000000b003140521ce0amr636808wri.40.1688622764323; Wed, 05 Jul 2023 22:52:44 -0700 (PDT) Received: from localhost ([102.36.222.112]) by smtp.gmail.com with ESMTPSA id z8-20020adfdf88000000b003143bb5ecd5sm855993wrl.69.2023.07.05.22.52.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Jul 2023 22:52:43 -0700 (PDT) Date: Thu, 6 Jul 2023 08:52:39 +0300 From: Dan Carpenter To: Casey Schaufler Cc: Paul Moore , James Morris , "Serge E. Hallyn" , Andrew Morton , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-janitors@vger.kernel.org Subject: [PATCH] smackfs: Prevent underflow in smk_set_cipso() Message-ID: <5070f3eb-55e2-44db-a97d-41f9b9878c6d@moroto.mountain> MIME-Version: 1.0 Content-Disposition: inline X-Mailer: git-send-email haha only kidding X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770650552780930175?= X-GMAIL-MSGID: =?utf-8?q?1770650552780930175?= There is a upper bound to "catlen" but no lower bound to prevent negatives. I don't see that this necessarily causes a problem but we may as well be safe. Fixes: e114e473771c ("Smack: Simplified Mandatory Access Control Kernel") Signed-off-by: Dan Carpenter --- security/smack/smackfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 5590eaad241b..25f67d1b5c73 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -896,7 +896,7 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf, } ret = sscanf(rule, "%d", &catlen); - if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM) + if (ret != 1 || catlen < 0 || catlen > SMACK_CIPSO_MAXCATNUM) goto out; if (format == SMK_FIXED24_FMT &&