diff options
Diffstat (limited to 'security/selinux/ss/services.c')
| -rw-r--r-- | security/selinux/ss/services.c | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index f3def298a90e..12e414394530 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
| @@ -1365,7 +1365,6 @@ int security_sid_to_context_force(struct selinux_state *state, u32 sid, | |||
| 1365 | static int string_to_context_struct(struct policydb *pol, | 1365 | static int string_to_context_struct(struct policydb *pol, |
| 1366 | struct sidtab *sidtabp, | 1366 | struct sidtab *sidtabp, |
| 1367 | char *scontext, | 1367 | char *scontext, |
| 1368 | u32 scontext_len, | ||
| 1369 | struct context *ctx, | 1368 | struct context *ctx, |
| 1370 | u32 def_sid) | 1369 | u32 def_sid) |
| 1371 | { | 1370 | { |
| @@ -1426,15 +1425,12 @@ static int string_to_context_struct(struct policydb *pol, | |||
| 1426 | 1425 | ||
| 1427 | ctx->type = typdatum->value; | 1426 | ctx->type = typdatum->value; |
| 1428 | 1427 | ||
| 1429 | rc = mls_context_to_sid(pol, oldc, &p, ctx, sidtabp, def_sid); | 1428 | rc = mls_context_to_sid(pol, oldc, p, ctx, sidtabp, def_sid); |
| 1430 | if (rc) | 1429 | if (rc) |
| 1431 | goto out; | 1430 | goto out; |
| 1432 | 1431 | ||
| 1433 | rc = -EINVAL; | ||
| 1434 | if ((p - scontext) < scontext_len) | ||
| 1435 | goto out; | ||
| 1436 | |||
| 1437 | /* Check the validity of the new context. */ | 1432 | /* Check the validity of the new context. */ |
| 1433 | rc = -EINVAL; | ||
| 1438 | if (!policydb_context_isvalid(pol, ctx)) | 1434 | if (!policydb_context_isvalid(pol, ctx)) |
| 1439 | goto out; | 1435 | goto out; |
| 1440 | rc = 0; | 1436 | rc = 0; |
| @@ -1489,7 +1485,7 @@ static int security_context_to_sid_core(struct selinux_state *state, | |||
| 1489 | policydb = &state->ss->policydb; | 1485 | policydb = &state->ss->policydb; |
| 1490 | sidtab = &state->ss->sidtab; | 1486 | sidtab = &state->ss->sidtab; |
| 1491 | rc = string_to_context_struct(policydb, sidtab, scontext2, | 1487 | rc = string_to_context_struct(policydb, sidtab, scontext2, |
| 1492 | scontext_len, &context, def_sid); | 1488 | &context, def_sid); |
| 1493 | if (rc == -EINVAL && force) { | 1489 | if (rc == -EINVAL && force) { |
| 1494 | context.str = str; | 1490 | context.str = str; |
| 1495 | context.len = strlen(str) + 1; | 1491 | context.len = strlen(str) + 1; |
| @@ -1958,7 +1954,7 @@ static int convert_context(u32 key, | |||
| 1958 | goto out; | 1954 | goto out; |
| 1959 | 1955 | ||
| 1960 | rc = string_to_context_struct(args->newp, NULL, s, | 1956 | rc = string_to_context_struct(args->newp, NULL, s, |
| 1961 | c->len, &ctx, SECSID_NULL); | 1957 | &ctx, SECSID_NULL); |
| 1962 | kfree(s); | 1958 | kfree(s); |
| 1963 | if (!rc) { | 1959 | if (!rc) { |
| 1964 | pr_info("SELinux: Context %s became valid (mapped).\n", | 1960 | pr_info("SELinux: Context %s became valid (mapped).\n", |