authorAndrew Morton <akpm@osdl.org>2004-06-02 17:59:21 -0700
committerLinus Torvalds <torvalds@ppc970.osdl.org>2004-06-02 17:59:21 -0700
commit863dacddb3d17e76f1345d2e030d6c481b5d62fd (patch)
treeb8a6582d50f43e23735851d1b49f225d3ce44b92 /security
parent2d34e81752929b4213e6f151f2b81de170423b8e (diff)
[PATCH] selinux: check processed security context length
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch changes security_context_to_sid to check the length of the processed security context against the full length of the provided context, rejecting any further data. Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/mls.c2
-rw-r--r--security/selinux/ss/services.c5
2 files changed, 6 insertions, 1 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index aa1b54c4708b..f54ad88d4873 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -290,7 +290,7 @@ int mls_context_to_sid(char oldc,
if (rc)
goto out;
}
- *scontext = p;
+ *scontext = ++p;
rc = 0;
out:
return rc;
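Review bot: The `++p` on the success path changes what `*scontext` means on return, from the position where parsing stopped to one byte past it, and nothing at the assignment records that. Judging by the services.c hunk in this commit, the caller relies on this to compare the consumed length with `scontext_len`, so a comment such as `/* Step past the terminator so the caller can verify the whole context was consumed. */` belongs above the assignment. Any other successful return from mls_context_to_sid that leaves the pointer un-advanced would make the caller's new check reject a valid context. Those paths are outside this hunk (the function starts before it), so this should be confirmed against the full function.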
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 7d0fedf04179..21ab4c975f60 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -532,6 +532,11 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
if (rc)
goto out_unlock;
+ if ((p - scontext2) < scontext_len) {
+ rc = -EINVAL;
+ goto out_unlock;
+ }
+
/* Check the validity of the new context. */
if (!policydb_context_isvalid(&policydb, &context)) {
rc = -EINVAL;
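Review bot: The new test `if ((p - scontext2) < scontext_len)` has no comment saying what it enforces or why it is `<` rather than an exact match, and it mixes a signed pointer difference with a `u32`. The commit message suggests the intent is to reject any data after the parsed context, for example bytes following an embedded NUL. A comment such as `/* Reject trailing data: the parser must have consumed all scontext_len bytes. */` would keep that security check from being relaxed later. If `<` is deliberate so that a length given with or without the trailing NUL is accepted, the comment should say so. The guarantee also depends on `p` being advanced on every successful parse path, and security_context_to_sid's body starts and ends outside this hunk, so that cannot be verified from here.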