Commit 910949a6 authored by Venkat Yekkirala's avatar Venkat Yekkirala Committed by James Morris

SELinux: null-terminate context string in selinux_xfrm_sec_ctx_alloc

xfrm_audit_log() expects the context string to be null-terminated
which currently doesn't happen with user-supplied contexts.
Signed-off-by: default avatarVenkat Yekkirala <vyekkirala@TrustedCS.com>
Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 0de085bb
......@@ -216,7 +216,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
return -ENOMEM;
*ctxp = ctx = kmalloc(sizeof(*ctx) +
uctx->ctx_len,
uctx->ctx_len + 1,
GFP_KERNEL);
if (!ctx)
......@@ -229,6 +229,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
memcpy(ctx->ctx_str,
uctx+1,
ctx->ctx_len);
ctx->ctx_str[ctx->ctx_len] = 0;
rc = security_context_to_sid(ctx->ctx_str,
ctx->ctx_len,
&ctx->ctx_sid);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment