Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (25 commits)
  security: remove register_security hook
  security: remove dummy module fix
  security: remove dummy module
  security: remove unused sb_get_mnt_opts hook
  LSM/SELinux: show LSM mount options in /proc/mounts
  SELinux: allow fstype unknown to policy to use xattrs if present
  security: fix return of void-valued expressions
  SELinux: use do_each_thread as a proper do/while block
  SELinux: remove unused and shadowed addrlen variable
  SELinux: more user friendly unknown handling printk
  selinux: change handling of invalid classes (Was: Re: 2.6.26-rc5-mm1 selinux whine)
  SELinux: drop load_mutex in security_load_policy
  SELinux: fix off by 1 reference of class_to_string in context_struct_compute_av
  SELinux: open code sidtab lock
  SELinux: open code load_mutex
  SELinux: open code policy_rwlock
  selinux: fix endianness bug in network node address handling
  selinux: simplify ioctl checking
  SELinux: enable processes with mac_admin to get the raw inode contexts
  Security: split proc ptrace checking into read vs. attach
  ...

1 files changed, 8 insertions, 7 deletions

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 84f8cc73c7db..2391761ae422 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -1478,7 +1478,8 @@ int policydb_read(struct policydb *p, void *fp)
         struct ocontext *l, *c, *newc;
         struct genfs *genfs_p, *genfs, *newgenfs;
         int i, j, rc;
-        __le32 buf[8];
+        __le32 buf[4];
+        u32 nodebuf[8];
         u32 len, len2, config, nprim, nel, nel2;
         char *policydb_str;
         struct policydb_compat_info *info;
@@ -1749,11 +1750,11 @@ int policydb_read(struct policydb *p, void *fp)
                                         goto bad;
                                 break;
                         case OCON_NODE:
-                                rc = next_entry(buf, fp, sizeof(u32) * 2);
+                                rc = next_entry(nodebuf, fp, sizeof(u32) * 2);
                                 if (rc < 0)
                                         goto bad;
-                                c->u.node.addr = le32_to_cpu(buf[0]);
-                                c->u.node.mask = le32_to_cpu(buf[1]);
+                                c->u.node.addr = nodebuf[0]; /* network order */
+                                c->u.node.mask = nodebuf[1]; /* network order */
                                 rc = context_read_and_validate(&c->context[0], p, fp);
                                 if (rc)
                                         goto bad;
@@ -1782,13 +1783,13 @@ int policydb_read(struct policydb *p, void *fp)
                         case OCON_NODE6: {
                                 int k;
 
-                                rc = next_entry(buf, fp, sizeof(u32) * 8);
+                                rc = next_entry(nodebuf, fp, sizeof(u32) * 8);
                                 if (rc < 0)
                                         goto bad;
                                 for (k = 0; k < 4; k++)
-                                        c->u.node6.addr[k] = le32_to_cpu(buf[k]);
+                                        c->u.node6.addr[k] = nodebuf[k];
                                 for (k = 0; k < 4; k++)
-                                        c->u.node6.mask[k] = le32_to_cpu(buf[k+4]);
+                                        c->u.node6.mask[k] = nodebuf[k+4];
                                 if (context_read_and_validate(&c->context[0], p, fp))
                                         goto bad;
                                 break;