Merge tag 'Smack-for-6.6' of https://github.com/cschaufler/smack-next

Pull smack updates from Casey Schaufler:
 "Two minor fixes: is a simple spelling fix. The other is a bounds check
  for a very likely underflow"

* tag 'Smack-for-6.6' of https://github.com/cschaufler/smack-next:
  smackfs: Prevent underflow in smk_set_cipso()
  security: smack: smackfs: fix typo (lables->labels)

Author: torvalds

security/smack/smackfs.c

@@ -114,7 +114,7 @@ struct smack_known *smack_syslog_label;
  * SMACK_PTRACE_DEFAULT    regular smack ptrace rules (/proc based)
  * SMACK_PTRACE_EXACT      labels must match, but can be overriden with
  *			   CAP_SYS_PTRACE
- * SMACK_PTRACE_DRACONIAN  lables must match, CAP_SYS_PTRACE has no effect
+ * SMACK_PTRACE_DRACONIAN  labels must match, CAP_SYS_PTRACE has no effect
  */
 int smack_ptrace_rule = SMACK_PTRACE_DEFAULT;
 
@@ -896,7 +896,7 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf,
 	}
 
 	ret = sscanf(rule, "%d", &catlen);
-	if (ret != 1 || catlen > SMACK_CIPSO_MAXCATNUM)
+	if (ret != 1 || catlen < 0 || catlen > SMACK_CIPSO_MAXCATNUM)
 		goto out;
 
 	if (format == SMK_FIXED24_FMT &&