Smack: handle zero-length security labels without panic Zero-length security labels are invalid but kernel should handle them. This patch fixes kernel panic after setting zero-length security labels: # attr -S -s "SMACK64" -V "" file And after writing zero-length string into smackfs files syslog and onlycp: # python -c 'import os; os.write(1, "")' > /smack/syslog The problem is caused by brain-damaged logic in function smk_parse_smack() which takes pointer to buffer and its length but if length below or equal zero it thinks that the buffer is zero-terminated. Unfortunately callers of this function are widely used and proper fix requires serious refactoring. Signed-off-by: Konstantin Khlebnikov <k.khlebnikov@samsung.com>

commit: b862e561bad6372872f5bf98d95f4131d265b110 [log] [tgz]
author: Konstantin Khlebnikov <k.khlebnikov@samsung.com> Thu Aug 07 20:52:43 2014 +0400
committer: Casey Schaufler <casey@schaufler-ca.com> Fri Aug 08 14:51:07 2014 -0700
tree: 86df1aa1baae0401ede16a22748bef65ca345ea3
parent: fd5c9d230d2ac8a2594dfd15f0cca678fd7a64c7 [diff] [blame]
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 3c720ff..56a1439 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c

@@ -1677,7 +1677,7 @@
 	if (smack_onlycap != NULL && smack_onlycap != skp)
 		return -EPERM;
 
-	data = kzalloc(count, GFP_KERNEL);
+	data = kzalloc(count + 1, GFP_KERNEL);
 	if (data == NULL)
 		return -ENOMEM;
 
@@ -2228,7 +2228,7 @@
 	if (!smack_privileged(CAP_MAC_ADMIN))
 		return -EPERM;
 
-	data = kzalloc(count, GFP_KERNEL);
+	data = kzalloc(count + 1, GFP_KERNEL);
 	if (data == NULL)
 		return -ENOMEM;
commit	b862e561bad6372872f5bf98d95f4131d265b110	[log] [tgz]
author	Konstantin Khlebnikov <k.khlebnikov@samsung.com>	Thu Aug 07 20:52:43 2014 +0400
committer	Casey Schaufler <casey@schaufler-ca.com>	Fri Aug 08 14:51:07 2014 -0700
tree	86df1aa1baae0401ede16a22748bef65ca345ea3
parent	fd5c9d230d2ac8a2594dfd15f0cca678fd7a64c7 [diff] [blame]