Commit 863dacdd authored by Andrew Morton's avatar Andrew Morton Committed by Linus Torvalds

[PATCH] selinux: check processed security context length

From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch changes security_context_to_sid to check the length of the
processed security context against the full length of the provided context,
rejecting any further data.
Signed-off-by: default avatarStephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 2d34e817
...@@ -290,7 +290,7 @@ int mls_context_to_sid(char oldc, ...@@ -290,7 +290,7 @@ int mls_context_to_sid(char oldc,
if (rc) if (rc)
goto out; goto out;
} }
*scontext = p; *scontext = ++p;
rc = 0; rc = 0;
out: out:
return rc; return rc;
......
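Review bot: The change from `p` to `++p` in `*scontext = ++p;` carries no comment, and nothing in the visible lines explains why the pointer is stepped one character past where parsing stopped. It appears to exist so that the length comparison added in security_context_to_sid counts the terminator as consumed; a comment such as `/* Step past the terminator so the caller can compare the consumed length with the supplied length. */` would record that contract. Any success path that reaches `out:` without passing through this line would leave the caller's pointer short and would now be rejected with -EINVAL. The function body starts outside this hunk, so those paths cannot be checked from here.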
...@@ -532,6 +532,11 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) ...@@ -532,6 +532,11 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
if (rc) if (rc)
goto out_unlock; goto out_unlock;
if ((p - scontext2) < scontext_len) {
rc = -EINVAL;
goto out_unlock;
}
/* Check the validity of the new context. */ /* Check the validity of the new context. */
if (!policydb_context_isvalid(&policydb, &context)) { if (!policydb_context_isvalid(&policydb, &context)) {
rc = -EINVAL; rc = -EINVAL;
......
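Review bot: The new `if ((p - scontext2) < scontext_len)` test has no comment, although the validity check directly below it has one; something like `/* Reject the context if data remains after the parsed portion. */` would state the intent. The test compares a signed pointer difference with the u32 `scontext_len`, and writing the left side as `(u32)(p - scontext2)` would make the conversion explicit. It also rejects only a processed length shorter than the supplied one; if a longer processed length is legitimate (for instance because of how scontext2 is terminated, which is outside this hunk), the comment should say so. The function body starts before and continues after this hunk.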