3 files changed, 15 insertions, 9 deletions
diff --git a/include/linux/key-type.h b/include/linux/key-type.h
index 39e3c082c49d..f0c651cda7b0 100644
--- a/include/linux/key-type.h
+++ b/include/linux/key-type.h
@@ -13,6 +13,7 @@
 #define _LINUX_KEY_TYPE_H
 #include <linux/key.h>
+#include <linux/errno.h>
 #ifdef CONFIG_KEYS
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 94c45a1531a4..79690f401a58 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2791,11 +2791,16 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
                        /* We strip a nul only if it is at the end, otherwise the
                         * context contains a nul and we should audit that */
-                        str = value;
+                        if (value) {
-                        if (str[size - 1] == '\0')
+                                str = value;
-                                audit_size = size - 1;
+                                if (str[size - 1] == '\0')
-                        else
+                                        audit_size = size - 1;
-                                audit_size = size;
+                                else
+                                        audit_size = size;
+                        } else {
+                                str = "";
+                                audit_size = 0;
+                        }
                        ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
                        audit_log_format(ab, "op=setxattr invalid_context=");
                        audit_log_n_untrustedstring(ab, value, audit_size);
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index d31e6d957c21..b1b768e4049a 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -323,11 +323,11 @@ static int smk_parse_long_rule(const char *data, struct smack_rule *rule,
        int datalen;
        int rc = -1;
-        /*
+        /* This is inefficient */
-         * This is probably inefficient, but safe.
-         */
        datalen = strlen(data);
-        subject = kzalloc(datalen, GFP_KERNEL);
+        /* Our first element can be 64 + \0 with no spaces */
+        subject = kzalloc(datalen + 1, GFP_KERNEL);
        if (subject == NULL)
                return -1;
        object = kzalloc(datalen, GFP_KERNEL);

diff --git a/include/linux/key-type.h b/include/linux/key-type.h index 39e3c082c49d..f0c651cda7b0 100644 --- a/include/linux/key-type.h +++ b/include/linux/key-type.h
@@ -13,6 +13,7 @@
13	#define _LINUX_KEY_TYPE_H	13	#define _LINUX_KEY_TYPE_H
14		14
15	#include <linux/key.h>	15	#include <linux/key.h>
		16	#include <linux/errno.h>
16		17
17	#ifdef CONFIG_KEYS	18	#ifdef CONFIG_KEYS
18		19


diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 94c45a1531a4..79690f401a58 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -2791,11 +2791,16 @@ static int selinux_inode_setxattr(struct dentry dentry, const char name,
2791		2791
2792	/* We strip a nul only if it is at the end, otherwise the	2792	/* We strip a nul only if it is at the end, otherwise the
2793	* context contains a nul and we should audit that */	2793	* context contains a nul and we should audit that */
2794	str = value;	2794	if (value) {
2795	if (str[size - 1] == '\0')	2795	str = value;
2796	audit_size = size - 1;	2796	if (str[size - 1] == '\0')
2797	else	2797	audit_size = size - 1;
2798	audit_size = size;	2798	else
		2799	audit_size = size;
		2800	} else {
		2801	str = "";
		2802	audit_size = 0;
		2803	}
2799	ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);	2804	ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR);
2800	audit_log_format(ab, "op=setxattr invalid_context=");	2805	audit_log_format(ab, "op=setxattr invalid_context=");
2801	audit_log_n_untrustedstring(ab, value, audit_size);	2806	audit_log_n_untrustedstring(ab, value, audit_size);


diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index d31e6d957c21..b1b768e4049a 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c
@@ -323,11 +323,11 @@ static int smk_parse_long_rule(const char data, struct smack_rule rule,
323	int datalen;	323	int datalen;
324	int rc = -1;	324	int rc = -1;
325		325
326	/*	326	/* This is inefficient */
327	* This is probably inefficient, but safe.
328	*/
329	datalen = strlen(data);	327	datalen = strlen(data);
330	subject = kzalloc(datalen, GFP_KERNEL);	328
		329	/* Our first element can be 64 + \0 with no spaces */
		330	subject = kzalloc(datalen + 1, GFP_KERNEL);
331	if (subject == NULL)	331	if (subject == NULL)
332	return -1;	332	return -1;
333	object = kzalloc(datalen, GFP_KERNEL);	333	object = kzalloc(datalen, GFP_KERNEL);