1 files changed, 8 insertions, 9 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 5b970ffde024..1158430f5bb9 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -142,8 +142,7 @@ int smk_access(struct smack_known *subject, struct smack_known *object,
         * Tasks cannot be assigned the internet label.
         * An internet subject can access any object.
         */
-        if (object == &smack_known_web ||
+        if (object == &smack_known_web || subject == &smack_known_web)
-            subject == &smack_known_web)
                goto out_audit;
        /*
         * A star object can be accessed by any subject.
@@ -157,10 +156,11 @@ int smk_access(struct smack_known *subject, struct smack_known *object,
        if (subject->smk_known == object->smk_known)
                goto out_audit;
        /*
-         * A hat subject can read any object.
+         * A hat subject can read or lock any object.
-         * A floor object can be read by any subject.
+         * A floor object can be read or locked by any subject.
         */
-        if ((request & MAY_ANYREAD) == request) {
+        if ((request & MAY_ANYREAD) == request ||
+            (request & MAY_LOCK) == request) {
                if (object == &smack_known_floor)
                        goto out_audit;
                if (subject == &smack_known_hat)
@@ -452,10 +452,9 @@ char *smk_parse_smack(const char *string, int len)
                return NULL;
        smack = kzalloc(i + 1, GFP_KERNEL);
-        if (smack != NULL) {
+        if (smack != NULL)
-                strncpy(smack, string, i + 1);
+                strncpy(smack, string, i);
-                smack[i] = '\0';
-        }
        return smack;
 }

diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index 5b970ffde024..1158430f5bb9 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c
@@ -142,8 +142,7 @@ int smk_access(struct smack_known subject, struct smack_known object,
142	* Tasks cannot be assigned the internet label.	142	* Tasks cannot be assigned the internet label.
143	* An internet subject can access any object.	143	* An internet subject can access any object.
144	*/	144	*/
145	if (object == &smack_known_web \|\|	145	if (object == &smack_known_web \|\| subject == &smack_known_web)
146	subject == &smack_known_web)
147	goto out_audit;	146	goto out_audit;
148	/*	147	/*
149	* A star object can be accessed by any subject.	148	* A star object can be accessed by any subject.
@@ -157,10 +156,11 @@ int smk_access(struct smack_known subject, struct smack_known object,
157	if (subject->smk_known == object->smk_known)	156	if (subject->smk_known == object->smk_known)
158	goto out_audit;	157	goto out_audit;
159	/*	158	/*
160	* A hat subject can read any object.	159	* A hat subject can read or lock any object.
161	* A floor object can be read by any subject.	160	* A floor object can be read or locked by any subject.
162	*/	161	*/
163	if ((request & MAY_ANYREAD) == request) {	162	if ((request & MAY_ANYREAD) == request \|\|
		163	(request & MAY_LOCK) == request) {
164	if (object == &smack_known_floor)	164	if (object == &smack_known_floor)
165	goto out_audit;	165	goto out_audit;
166	if (subject == &smack_known_hat)	166	if (subject == &smack_known_hat)
@@ -452,10 +452,9 @@ char smk_parse_smack(const char string, int len)
452	return NULL;	452	return NULL;
453		453
454	smack = kzalloc(i + 1, GFP_KERNEL);	454	smack = kzalloc(i + 1, GFP_KERNEL);
455	if (smack != NULL) {	455	if (smack != NULL)
456	strncpy(smack, string, i + 1);	456	strncpy(smack, string, i);
457	smack[i] = '\0';	457
458	}
459	return smack;	458	return smack;
460	}	459	}
461		460