On Thu, 12 Feb 2009, Eric Paris wrote:
> When a context is pulled in from disk we don't know that it is null
> terminated. This patch forecebly null terminates contexts when we pull
> them from disk.
>
> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
Applied.
> ---
>
> security/selinux/hooks.c | 6 ++++--
> 1 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 45e286c..4afaeac 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1290,12 +1290,13 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
> }
>
> len = INITCONTEXTLEN;
> - context = kmalloc(len, GFP_NOFS);
> + context = kmalloc(len+1, GFP_NOFS);
> if (!context) {
> rc = -ENOMEM;
> dput(dentry);
> goto out_unlock;
> }
> + context[len] = '\0';
> rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
> context, len);
> if (rc == -ERANGE) {
> @@ -1308,12 +1309,13 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
> }
> kfree(context);
> len = rc;
> - context = kmalloc(len, GFP_NOFS);
> + context = kmalloc(len+1, GFP_NOFS);
> if (!context) {
> rc = -ENOMEM;
> dput(dentry);
> goto out_unlock;
> }
> + context[len] = '\0';
> rc = inode->i_op->getxattr(dentry,
> XATTR_NAME_SELINUX,
> context, len);
>
--
James Morris
<jmorris@xxxxxxxxx>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
