diff options
Diffstat (limited to 'security/selinux')
| -rw-r--r-- | security/selinux/hooks.c | 3 | ||||
| -rw-r--r-- | security/selinux/ss/mls.c | 10 |
2 files changed, 10 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7ce683259357..a67459eb62d5 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -5318,6 +5318,9 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname, | |||
| 5318 | addr_buf = address; | 5318 | addr_buf = address; |
| 5319 | 5319 | ||
| 5320 | while (walk_size < addrlen) { | 5320 | while (walk_size < addrlen) { |
| 5321 | if (walk_size + sizeof(sa_family_t) > addrlen) | ||
| 5322 | return -EINVAL; | ||
| 5323 | |||
| 5321 | addr = addr_buf; | 5324 | addr = addr_buf; |
| 5322 | switch (addr->sa_family) { | 5325 | switch (addr->sa_family) { |
| 5323 | case AF_UNSPEC: | 5326 | case AF_UNSPEC: |
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index 2fe459df3c85..b7efa2296969 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c | |||
| @@ -245,9 +245,13 @@ int mls_context_to_sid(struct policydb *pol, | |||
| 245 | char *rangep[2]; | 245 | char *rangep[2]; |
| 246 | 246 | ||
| 247 | if (!pol->mls_enabled) { | 247 | if (!pol->mls_enabled) { |
| 248 | if ((def_sid != SECSID_NULL && oldc) || (*scontext) == '\0') | 248 | /* |
| 249 | return 0; | 249 | * With no MLS, only return -EINVAL if there is a MLS field |
| 250 | return -EINVAL; | 250 | * and it did not come from an xattr. |
| 251 | */ | ||
| 252 | if (oldc && def_sid == SECSID_NULL) | ||
| 253 | return -EINVAL; | ||
| 254 | return 0; | ||
| 251 | } | 255 | } |
| 252 | 256 | ||
| 253 | /* | 257 | /* |