SELinux: NULL terminate al contexts from disk

When a context is pulled in from disk we don't know that it is null
terminated.  This patch forecebly null terminates contexts when we pull
them from disk.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>

1 files changed, 4 insertions, 2 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index aebcfad5613f..309648c573d8 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1270,12 +1270,13 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
                 }
 
                 len = INITCONTEXTLEN;
-                context = kmalloc(len, GFP_NOFS);
+                context = kmalloc(len+1, GFP_NOFS);
                 if (!context) {
                         rc = -ENOMEM;
                         dput(dentry);
                         goto out_unlock;
                 }
+                context[len] = '\0';
                 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
                                            context, len);
                 if (rc == -ERANGE) {
@@ -1288,12 +1289,13 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
                         }
                         kfree(context);
                         len = rc;
-                        context = kmalloc(len, GFP_NOFS);
+                        context = kmalloc(len+1, GFP_NOFS);
                         if (!context) {
                                 rc = -ENOMEM;
                                 dput(dentry);
                                 goto out_unlock;
                         }
+                        context[len] = '\0';
                         rc = inode->i_op->getxattr(dentry,
                                                    XATTR_NAME_SELINUX,
                                                    context, len);