smack: /smack/doi must be > 0

/smack/doi allows writing and keeping negative doi values.
Correct values are 0 < doi <= (max 32-bit positive integer)

(2008-02-04, Casey Schaufler)
Fixes: e114e473771c ("Smack: Simplified Mandatory Access Control Kernel")
Signed-off-by: Konstantin Andreev <andreev@swemel.ru>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 2a9d3f2ebbe13c673f99282347b05778aa880eb8..e611e0fb5620982639bcdb5c93cfde6ae965de08 100644 (file)
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -141,7 +141,7 @@ struct smack_parsed_rule {
        int                     smk_access2;
 };
 
-static int smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
+static u32 smk_cipso_doi_value = SMACK_CIPSO_DOI_DEFAULT;
 
 /*
  * Values for parsing cipso rules
@@ -1562,7 +1562,7 @@ static ssize_t smk_read_doi(struct file *filp, char __user *buf,
        if (*ppos != 0)
                return 0;
 
-       sprintf(temp, "%d", smk_cipso_doi_value);
+       sprintf(temp, "%lu", (unsigned long)smk_cipso_doi_value);
        rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
 
        return rc;
@@ -1581,7 +1581,7 @@ static ssize_t smk_write_doi(struct file *file, const char __user *buf,
                             size_t count, loff_t *ppos)
 {
        char temp[80];
-       int i;
+       unsigned long u;
 
        if (!smack_privileged(CAP_MAC_ADMIN))
                return -EPERM;
@@ -1594,10 +1594,12 @@ static ssize_t smk_write_doi(struct file *file, const char __user *buf,
 
        temp[count] = '\0';
 
-       if (sscanf(temp, "%d", &i) != 1)
+       if (kstrtoul(temp, 10, &u))
                return -EINVAL;
 
-       smk_cipso_doi_value = i;
+       if (u == CIPSO_V4_DOI_UNKNOWN || u > U32_MAX)
+               return -EINVAL;
+       smk_cipso_doi_value = u;
 
        smk_cipso_doi();