Home Home > GIT Browse > SLE15-AZURE
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2018-07-09 16:55:55 +0200
committerTakashi Iwai <tiwai@suse.de>2018-07-09 16:56:06 +0200
commitd3d1d0134be5c55576e960714b119b66efabffc0 (patch)
tree5fe70a16bf8d55512122bac7587c817bfb897c16
parent74ffb43e085bf742925ddc81ca46dd65a3158967 (diff)
selinux: ensure the context is NUL terminated in
security_context_to_sid_core() (bsc#1051510). suse-commit: 707cd92e5cc6057aa48107d13561008c978dba22
-rw-r--r--security/selinux/ss/services.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 60d9b0252321..f137aa02d6d4 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1402,27 +1402,27 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
if (!scontext_len)
return -EINVAL;
+ /* Copy the string to allow changes and ensure a NUL terminator */
+ scontext2 = kmalloc(scontext_len + 1, gfp_flags);
+ if (!scontext2)
+ return -ENOMEM;
+ memcpy(scontext2, scontext, scontext_len);
+ scontext2[scontext_len] = 0;
+
if (!ss_initialized) {
int i;
for (i = 1; i < SECINITSID_NUM; i++) {
- if (!strcmp(initial_sid_to_string[i], scontext)) {
+ if (!strcmp(initial_sid_to_string[i], scontext2)) {
*sid = i;
- return 0;
+ goto out;
}
}
*sid = SECINITSID_KERNEL;
- return 0;
+ goto out;
}
*sid = SECSID_NULL;
- /* Copy the string so that we can modify the copy as we parse it. */
- scontext2 = kmalloc(scontext_len + 1, gfp_flags);
- if (!scontext2)
- return -ENOMEM;
- memcpy(scontext2, scontext, scontext_len);
- scontext2[scontext_len] = 0;
-
if (force) {
/* Save another copy for storing in uninterpreted form */
rc = -ENOMEM;