Inicio Explorar Axuda
Rexistro Iniciar sesión
phyus
/
linux-vybrid_public
8
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

SELinux: null-terminate context string in selinux_xfrm_sec_ctx_alloc

xfrm_audit_log() expects the context string to be null-terminated
which currently doesn't happen with user-supplied contexts.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Venkat Yekkirala %!s(int64=18) %!d(string=hai) anos
pai
0de085bb47
achega
910949a668
Modificáronse 1 ficheiros con 2 adicións e 1 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 2 1
      security/selinux/xfrm.c

+ 2 - 1
security/selinux/xfrm.c
Ver ficheiro 

@@ -216,7 +216,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
 
 		return -ENOMEM;
 
 
 	*ctxp = ctx = kmalloc(sizeof(*ctx) +
 
-			      uctx->ctx_len,
 
+			      uctx->ctx_len + 1,
 
 			      GFP_KERNEL);
 
 
 	if (!ctx)
 
@@ -229,6 +229,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
 
 	memcpy(ctx->ctx_str,
 
 	       uctx+1,
 
 	       ctx->ctx_len);
 
+	ctx->ctx_str[ctx->ctx_len] = 0;
 
 	rc = security_context_to_sid(ctx->ctx_str,
 
 				     ctx->ctx_len,
 
 				     &ctx->ctx_sid);