Commit 2ef45916 authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'selinux-pr-20191007' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinuxfix from Paul Moore:
 "One patch to ensure we don't copy bad memory up into userspace"

* tag 'selinux-pr-20191007' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: fix context string corruption in convert_context()
parents f54e66ae 2a524393
...@@ -1946,7 +1946,14 @@ static int convert_context(struct context *oldc, struct context *newc, void *p) ...@@ -1946,7 +1946,14 @@ static int convert_context(struct context *oldc, struct context *newc, void *p)
rc = string_to_context_struct(args->newp, NULL, s, rc = string_to_context_struct(args->newp, NULL, s,
newc, SECSID_NULL); newc, SECSID_NULL);
if (rc == -EINVAL) { if (rc == -EINVAL) {
/* Retain string representation for later mapping. */ /*
* Retain string representation for later mapping.
*
* IMPORTANT: We need to copy the contents of oldc->str
* back into s again because string_to_context_struct()
* may have garbled it.
*/
memcpy(s, oldc->str, oldc->len);
context_init(newc); context_init(newc);
newc->str = s; newc->str = s;
newc->len = oldc->len; newc->len = oldc->len;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment