From: Venkat Yekkirala Date: Tue, 24 Jul 2007 14:53:23 +0000 (-0500) Subject: SELinux: null-terminate context string in selinux_xfrm_sec_ctx_alloc X-Git-Tag: v2.6.23-rc2~272^2 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=910949a66839ff5f59fede5b7cb68ecf1453e22c;p=linux-2.6 SELinux: null-terminate context string in selinux_xfrm_sec_ctx_alloc xfrm_audit_log() expects the context string to be null-terminated which currently doesn't happen with user-supplied contexts. Signed-off-by: Venkat Yekkirala Acked-by: Stephen Smalley Signed-off-by: James Morris --- diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index bd8d1ef40a..ba715f40b6 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c @@ -216,7 +216,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, return -ENOMEM; *ctxp = ctx = kmalloc(sizeof(*ctx) + - uctx->ctx_len, + uctx->ctx_len + 1, GFP_KERNEL); if (!ctx) @@ -229,6 +229,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, memcpy(ctx->ctx_str, uctx+1, ctx->ctx_len); + ctx->ctx_str[ctx->ctx_len] = 0; rc = security_context_to_sid(ctx->ctx_str, ctx->ctx_len, &ctx->ctx_sid);