summaryrefslogtreecommitdiff
path: root/security/selinux
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2018-11-15 11:26:09 -0600
committerLinus Torvalds <torvalds@linux-foundation.org>2018-11-15 11:26:09 -0600
commitda5322e65940e4e8426613a8ff3d99a08b350a52 (patch)
tree5e0b8036ee4a8646bd868cfc256908f87bc2f281 /security/selinux
parent282fd2a2adb487e97ef9cd757848b2112d7b8d0c (diff)
parent877181a8d9dc663f7a73f77f50af714d7888ec3b (diff)
Merge tag 'selinux-pr-20181115' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull SELinux fixes from Paul Moore: "Two small SELinux fixes for v4.20. Ondrej's patch adds a check on user input, and my patch ensures we don't look past the end of a buffer. Both patches are quite small and pass the selinux-testsuite" * tag 'selinux-pr-20181115' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: fix non-MLS handling in mls_context_to_sid() selinux: check length properly in SCTP bind hook
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c3
-rw-r--r--security/selinux/ss/mls.c10
2 files changed, 10 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7ce683259357..a67459eb62d5 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5318,6 +5318,9 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname,
addr_buf = address;
while (walk_size < addrlen) {
+ if (walk_size + sizeof(sa_family_t) > addrlen)
+ return -EINVAL;
+
addr = addr_buf;
switch (addr->sa_family) {
case AF_UNSPEC:
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index 2fe459df3c85..b7efa2296969 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -245,9 +245,13 @@ int mls_context_to_sid(struct policydb *pol,
char *rangep[2];
if (!pol->mls_enabled) {
- if ((def_sid != SECSID_NULL && oldc) || (*scontext) == '\0')
- return 0;
- return -EINVAL;
+ /*
+ * With no MLS, only return -EINVAL if there is a MLS field
+ * and it did not come from an xattr.
+ */
+ if (oldc && def_sid == SECSID_NULL)
+ return -EINVAL;
+ return 0;
}
/*