diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2012-04-02 19:40:47 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-05-29 23:28:33 -0400 |
| commit | cc1dad7183e4cb7f5d313b6942f2059fc0eabab6 (patch) | |
| tree | 372614e5c981ff868682af2babdd8d0fec356952 /security | |
| parent | c862868bb455694704c255481369c40d7185eb25 (diff) | |
selinuxfs snprintf() misuses
a) %d does _not_ produce a page worth of output
b) snprintf() doesn't return negatives - it used to in old glibc, but
that's the kernel...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/selinuxfs.c | 36 |
1 files changed, 7 insertions, 29 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 4e93f9ef970b..3ad290251288 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
| @@ -1259,12 +1259,8 @@ static int sel_make_bools(void) | |||
| 1259 | if (!inode) | 1259 | if (!inode) |
| 1260 | goto out; | 1260 | goto out; |
| 1261 | 1261 | ||
| 1262 | ret = -EINVAL; | ||
| 1263 | len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); | ||
| 1264 | if (len < 0) | ||
| 1265 | goto out; | ||
| 1266 | |||
| 1267 | ret = -ENAMETOOLONG; | 1262 | ret = -ENAMETOOLONG; |
| 1263 | len = snprintf(page, PAGE_SIZE, "/%s/%s", BOOL_DIR_NAME, names[i]); | ||
| 1268 | if (len >= PAGE_SIZE) | 1264 | if (len >= PAGE_SIZE) |
| 1269 | goto out; | 1265 | goto out; |
| 1270 | 1266 | ||
| @@ -1557,19 +1553,10 @@ static inline u32 sel_ino_to_perm(unsigned long ino) | |||
| 1557 | static ssize_t sel_read_class(struct file *file, char __user *buf, | 1553 | static ssize_t sel_read_class(struct file *file, char __user *buf, |
| 1558 | size_t count, loff_t *ppos) | 1554 | size_t count, loff_t *ppos) |
| 1559 | { | 1555 | { |
| 1560 | ssize_t rc, len; | ||
| 1561 | char *page; | ||
| 1562 | unsigned long ino = file->f_path.dentry->d_inode->i_ino; | 1556 | unsigned long ino = file->f_path.dentry->d_inode->i_ino; |
| 1563 | 1557 | char res[TMPBUFLEN]; | |
| 1564 | page = (char *)__get_free_page(GFP_KERNEL); | 1558 | ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_class(ino)); |
| 1565 | if (!page) | 1559 | return simple_read_from_buffer(buf, count, ppos, res, len); |
| 1566 | return -ENOMEM; | ||
| 1567 | |||
| 1568 | len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_class(ino)); | ||
| 1569 | rc = simple_read_from_buffer(buf, count, ppos, page, len); | ||
| 1570 | free_page((unsigned long)page); | ||
| 1571 | |||
| 1572 | return rc; | ||
| 1573 | } | 1560 | } |
| 1574 | 1561 | ||
| 1575 | static const struct file_operations sel_class_ops = { | 1562 | static const struct file_operations sel_class_ops = { |
| @@ -1580,19 +1567,10 @@ static const struct file_operations sel_class_ops = { | |||
| 1580 | static ssize_t sel_read_perm(struct file *file, char __user *buf, | 1567 | static ssize_t sel_read_perm(struct file *file, char __user *buf, |
| 1581 | size_t count, loff_t *ppos) | 1568 | size_t count, loff_t *ppos) |
| 1582 | { | 1569 | { |
| 1583 | ssize_t rc, len; | ||
| 1584 | char *page; | ||
| 1585 | unsigned long ino = file->f_path.dentry->d_inode->i_ino; | 1570 | unsigned long ino = file->f_path.dentry->d_inode->i_ino; |
| 1586 | 1571 | char res[TMPBUFLEN]; | |
| 1587 | page = (char *)__get_free_page(GFP_KERNEL); | 1572 | ssize_t len = snprintf(res, sizeof(res), "%d", sel_ino_to_perm(ino)); |
| 1588 | if (!page) | 1573 | return simple_read_from_buffer(buf, count, ppos, res, len); |
| 1589 | return -ENOMEM; | ||
| 1590 | |||
| 1591 | len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_perm(ino)); | ||
| 1592 | rc = simple_read_from_buffer(buf, count, ppos, page, len); | ||
| 1593 | free_page((unsigned long)page); | ||
| 1594 | |||
| 1595 | return rc; | ||
| 1596 | } | 1574 | } |
| 1597 | 1575 | ||
| 1598 | static const struct file_operations sel_perm_ops = { | 1576 | static const struct file_operations sel_perm_ops = { |