[PATCH] selinux: check processed security context length

From: Stephen Smalley <sds@epoch.ncsc.mil> This patch changes security_context_to_sid to check the length of the processed security context against the full length of the provided context, rejecting any further data. Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] selinux: check processed security context length
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch changes security_context_to_sid to check the length of the processed security context against the full length of the provided context, rejecting any further data. Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
863dacdd · Andrew Morton · Linus Torvalds · 2d34e817 · 863dacdd · 863dacdd
Commit 863dacdd authored Jun 02, 2004 by Andrew Morton Committed by Linus Torvalds Jun 02, 2004
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

security/selinux/ss/mls.c security/selinux/ss/mls.c +1 -1

security/selinux/ss/services.c security/selinux/ss/services.c +5 -0

No files found.
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -290,7 +290,7 @@ int mls_context_to_sid(char oldc,
 		if (rc)
 			goto out;
 	}
-	*scontext = p;
+	*scontext = ++p;
 	rc = 0;
 out:
 	return rc;

--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -532,6 +532,11 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
 	if (rc)
 		goto out_unlock;

+	if ((p - scontext2) < scontext_len) {
+		rc = -EINVAL;
+		goto out_unlock;
+	}
+
 	/* Check the validity of the new context. */
 	if (!policydb_context_isvalid(&policydb, &context)) {
 		rc = -EINVAL;