[PATCH] smack: /smack/doi must be > 0
Casey Schaufler
casey at schaufler-ca.com
Wed Dec 31 20:52:35 UTC 2025
On 9/30/2025 5:16 AM, Konstantin Andreev wrote:
> /smack/doi allows writing and keeping negative doi values.
> Correct values are 0 < doi <= (max 32-bit positive integer)
>
> (2008-02-04, Casey Schaufler)
> Fixes: e114e473771c ("Smack: Simplified Mandatory Access Control Kernel")
>
> Signed-off-by: Konstantin Andreev <andreev at swemel.ru>
Added to smack-next for 6.20. Thank you.
> ---
> The patch applies on top of smack/next, commit 6ddd169d0288 ("smack: fix
> kernel-doc warnings for smk_import_valid_label()")
>
> security/smack/smackfs.c | 12 +++++++-----
> 1 file changed, 7 insertions(+), 5 deletions(-)
>
> diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
> index b1e5e62f5cbd..316c2ea401e8 100644
> --- a/security/smack/smackfs.c
> +++ b/security/smack/smackfs.c
> @@ -141,7 +141,7 @@ struct smack_parsed_rule {
> int smk_access2;
> };
>
> -static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
> +static u32 smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
>
> /*
> * Values for parsing cipso rules
> @@ -1562,7 +1562,7 @@ static ssize_t smk_read_doi(struct file *filp, char __user *buf,
> if (*ppos != 0)
> return 0;
>
> - sprintf(temp, "%d", smk_cipso_doi_value);
> + sprintf(temp, "%lu", (unsigned long)smk_cipso_doi_value);
> rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
>
> return rc;
> @@ -1581,7 +1581,7 @@ static ssize_t smk_write_doi(struct file *file, const char __user *buf,
> size_t count, loff_t *ppos)
> {
> char temp[80];
> - int i;
> + unsigned long u;
>
> if (!smack_privileged(CAP_MAC_ADMIN))
> return -EPERM;
> @@ -1594,10 +1594,12 @@ static ssize_t smk_write_doi(struct file *file, const char __user *buf,
>
> temp[count] = '\0';
>
> - if (sscanf(temp, "%d", &i) != 1)
> + if (kstrtoul(temp, 10, &u))
> return -EINVAL;
>
> - smk_cipso_doi_value = i;
> + if (u == CIPSO_V4_DOI_UNKNOWN || u > U32_MAX)
> + return -EINVAL;
> + smk_cipso_doi_value = u;
>
> smk_cipso_doi();
>
More information about the Linux-security-module-archive
mailing list