smackfs: Prevent underflow in smk_set_cipso()

Dan Carpenter · cschaufler · commit 3ad49d37cf57 · 2023-08-07T14:09:23.000-07:00
There is a upper bound to "catlen" but no lower bound to prevent negatives. I don't see that this necessarily causes a problem but we may as well be safe. Fixes: e114e47 ("Smack: Simplified Mandatory Access Control Kernel") Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
@@ -896,7 +896,7 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
 	}
 
 	ret = sscanf(rule, "%d", &catlen);
-	if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
+	if (ret != 1 || catlen < 0 || catlen > SMACK_CIPSO_MAXCATNUM)
 		goto out;
 
 	if (format == SMK_FIXED24_FMT &&

Original file line number	Diff line number	Diff line change
`@@ -896,7 +896,7 @@ static ssize_t smk_set_cipso(struct file file, const char __user buf,`
`896`	`896`	`}`
`897`	`897`
`898`	`898`	`ret = sscanf(rule, "%d", &catlen);`
`899`		`- if (ret != 1 \|\| catlen > SMACK_CIPSO_MAXCATNUM)`
	`899`	`+ if (ret != 1 \|\| catlen < 0 \|\| catlen > SMACK_CIPSO_MAXCATNUM)`
`900`	`900`	`goto out;`
`901`	`901`
`902`	`902`	`if (format == SMK_FIXED24_FMT &&`