diff options
author | Steffen Klassert <steffen.klassert@secunet.com> | 2011-02-23 06:54:33 -0500 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2011-02-25 15:00:44 -0500 |
commit | 8f82a6880d8d03961181d973388e1df2772a8b24 (patch) | |
tree | b2eb1374f143610dbf06a686fcfee6b77bff110b /security | |
parent | 4916ca401e3051dad326ddd69765bd0e3f32fb9b (diff) |
selinux: Fix check for xfrm selinux context algorithm
selinux_xfrm_sec_ctx_alloc accidentally checks the xfrm domain of
interpretation against the selinux context algorithm. This patch
fixes this by checking ctx_alg against the selinux context algorithm.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/xfrm.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index fff78d3b51a2..728c57e3d65d 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c | |||
@@ -208,7 +208,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, | |||
208 | if (!uctx) | 208 | if (!uctx) |
209 | goto not_from_user; | 209 | goto not_from_user; |
210 | 210 | ||
211 | if (uctx->ctx_doi != XFRM_SC_ALG_SELINUX) | 211 | if (uctx->ctx_alg != XFRM_SC_ALG_SELINUX) |
212 | return -EINVAL; | 212 | return -EINVAL; |
213 | 213 | ||
214 | str_len = uctx->ctx_len; | 214 | str_len = uctx->ctx_len; |