| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LRH.2.00.0911121857110.31071@tundra.namei.org>
Date: Thu, 12 Nov 2009 19:16:14 +1100 (EST)
From: James Morris <jmorris@...ei.org>
To: Julia Lawall <julia@...u.dk>
cc: Stephen Smalley <sds@...ho.nsa.gov>,
Eric Paris <eparis@...isplace.org>,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
kernel-janitors@...r.kernel.org
Subject: Re: [PATCH 3/4] security/selinux: decrement sizeof size in strncmp
On Thu, 12 Nov 2009, Julia Lawall wrote:
> From: Julia Lawall <julia@...u.dk>
>
> As observed by Joe Perches, sizeof of a constant string includes the
> trailing 0. If what is wanted is to check the initial characters of
> another string, this trailing 0 should not be taken into account. If an
> exact match is wanted, strcmp should be used instead.
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -448,7 +448,7 @@ static int sb_finish_set_opts(struct sup
> sbsec->flags &= ~SE_SBLABELSUPP;
>
> /* Special handling for sysfs. Is genfs but also has setxattr handler*/
> - if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs")) == 0)
> + if (strncmp(sb->s_type->name, "sysfs", sizeof("sysfs") - 1) == 0)
> sbsec->flags |= SE_SBLABELSUPP;
Shouldn't this be a simple strcmp() ?
--
James Morris
<jmorris@...ei.org>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists