selinuxfs snprintf() misuses

a) %d does _not_ produce a page worth of output b) snprintf() doesn't return negatives - it used to in old glibc, but that's the kernel... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2012-04-02 19:40:47 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2012-05-29 23:28:33 -0400
commit: cc1dad7183e4cb7f5d313b6942f2059fc0eabab6 (patch)
tree: 372614e5c981ff868682af2babdd8d0fec356952
parent: c862868bb455694704c255481369c40d7185eb25 (diff)
1 files changed, 7 insertions, 29 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 4e93f9ef970b..3ad290251288 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1259,12 +1259,8 @@ static int sel_make_bools(void)
                if (!inode)
                        goto out;
-                ret = -EINVAL;
-                len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
-                if (len < 0)
-                        goto out;
                ret = -ENAMETOOLONG;
+                len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
                if (len >= PAGE_SIZE)
                        goto out;
@@ -1557,19 +1553,10 @@ static inline u32 sel_ino_to_perm(unsigned long ino)
 static ssize_t sel_read_class(struct file *file, char __user *buf,
                                size_t count, loff_t *ppos)
 {
-        ssize_t rc, len;
-        char *page;
        unsigned long ino = file->f_path.dentry->d_inode->i_ino;
+        char res[TMPBUFLEN];
-        page = (char *)__get_free_page(GFP_KERNEL);
+        ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino));
-        if (!page)
+        return simple_read_from_buffer(buf, count, ppos, res, len);
-                return -ENOMEM;
-        len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_class(ino));
-        rc = simple_read_from_buffer(buf, count, ppos, page, len);
-        free_page((unsigned long)page);
-        return rc;
 }
 static const struct file_operations sel_class_ops = {
@@ -1580,19 +1567,10 @@ static const struct file_operations sel_class_ops = {
 static ssize_t sel_read_perm(struct file *file, char __user *buf,
                                size_t count, loff_t *ppos)
 {
-        ssize_t rc, len;
-        char *page;
        unsigned long ino = file->f_path.dentry->d_inode->i_ino;
+        char res[TMPBUFLEN];
-        page = (char *)__get_free_page(GFP_KERNEL);
+        ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino));
-        if (!page)
+        return simple_read_from_buffer(buf, count, ppos, res, len);
-                return -ENOMEM;
-        len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_perm(ino));
-        rc = simple_read_from_buffer(buf, count, ppos, page, len);
-        free_page((unsigned long)page);
-        return rc;
 }
 static const struct file_operations sel_perm_ops = {
author	Al Viro <viro@zeniv.linux.org.uk>	2012-04-02 19:40:47 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2012-05-29 23:28:33 -0400
commit	cc1dad7183e4cb7f5d313b6942f2059fc0eabab6 (patch)
tree	372614e5c981ff868682af2babdd8d0fec356952
parent	c862868bb455694704c255481369c40d7185eb25 (diff)

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 4e93f9ef970b..3ad290251288 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c
@@ -1259,12 +1259,8 @@ static int sel_make_bools(void)
1259	if (!inode)	1259	if (!inode)
1260	goto out;	1260	goto out;
1261		1261
1262	ret = -EINVAL;
1263	len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
1264	if (len < 0)
1265	goto out;
1266
1267	ret = -ENAMETOOLONG;	1262	ret = -ENAMETOOLONG;
		1263	len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]);
1268	if (len >= PAGE_SIZE)	1264	if (len >= PAGE_SIZE)
1269	goto out;	1265	goto out;
1270		1266
@@ -1557,19 +1553,10 @@ static inline u32 sel_ino_to_perm(unsigned long ino)
1557	static ssize_t sel_read_class(struct file file, char __user buf,	1553	static ssize_t sel_read_class(struct file file, char __user buf,
1558	size_t count, loff_t *ppos)	1554	size_t count, loff_t *ppos)
1559	{	1555	{
1560	ssize_t rc, len;
1561	char *page;
1562	unsigned long ino = file->f_path.dentry->d_inode->i_ino;	1556	unsigned long ino = file->f_path.dentry->d_inode->i_ino;
1563		1557	char res[TMPBUFLEN];
1564	page = (char *)__get_free_page(GFP_KERNEL);	1558	ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino));
1565	if (!page)	1559	return simple_read_from_buffer(buf, count, ppos, res, len);
1566	return -ENOMEM;
1567
1568	len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_class(ino));
1569	rc = simple_read_from_buffer(buf, count, ppos, page, len);
1570	free_page((unsigned long)page);
1571
1572	return rc;
1573	}	1560	}
1574		1561
1575	static const struct file_operations sel_class_ops = {	1562	static const struct file_operations sel_class_ops = {
@@ -1580,19 +1567,10 @@ static const struct file_operations sel_class_ops = {
1580	static ssize_t sel_read_perm(struct file file, char __user buf,	1567	static ssize_t sel_read_perm(struct file file, char __user buf,
1581	size_t count, loff_t *ppos)	1568	size_t count, loff_t *ppos)
1582	{	1569	{
1583	ssize_t rc, len;
1584	char *page;
1585	unsigned long ino = file->f_path.dentry->d_inode->i_ino;	1570	unsigned long ino = file->f_path.dentry->d_inode->i_ino;
1586		1571	char res[TMPBUFLEN];
1587	page = (char *)__get_free_page(GFP_KERNEL);	1572	ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino));
1588	if (!page)	1573	return simple_read_from_buffer(buf, count, ppos, res, len);
1589	return -ENOMEM;
1590
1591	len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_perm(ino));
1592	rc = simple_read_from_buffer(buf, count, ppos, page, len);
1593	free_page((unsigned long)page);
1594
1595	return rc;
1596	}	1574	}
1597		1575
1598	static const struct file_operations sel_perm_ops = {	1576	static const struct file_operations sel_perm_ops = {