selinux: ensure the context is NUL terminated in security_context_to_sid_core() - xavi/android_kernel_m2note - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Paul Moore <paul@paul-moore.com>	2017-11-28 18:51:12 -0500
committer	Moyster <oysterized@gmail.com>	2019-07-06 11:52:14 +0200
commit	eef15de512e71e02198ec2775f91232e2dcf4e4c (patch)
tree	99eca6c626272cd3a9a5aa8b0df265bc022f9726 /kernel
parent	c3adf4ac17b9a3957e9feb108aedaca807389cee (diff)

selinux: ensure the context is NUL terminated in security_context_to_sid_core()

commit ef28df55ac27e1e5cd122e19fa311d886d47a756 upstream. The syzbot/syzkaller automated tests found a problem in security_context_to_sid_core() during early boot (before we load the SELinux policy) where we could potentially feed context strings without NUL terminators into the strcmp() function. We already guard against this during normal operation (after the SELinux policy has been loaded) by making a copy of the context strings and explicitly adding a NUL terminator to the end. The patch extends this protection to the early boot case (no loaded policy) by moving the context copy earlier in security_context_to_sid_core(). Change-Id: I015908f3cfa4fe74e0300c399c15d854aa14d2ea Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Reviewed-By: William Roberts <william.c.roberts@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'kernel')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: