On Mon, 2011-02-14 at 14:17 +0100, Steffen Klassert wrote: > selinux_xfrm_sec_ctx_alloc accidentally checks the xfrm domain of > interpretation against the selinux context algorithm. This patch > fixes this by checking ctx_alg against the selinux context algorithm. > > Signed-off-by: Steffen Klassert <steffen.klassert@xxxxxxxxxxx> Might also be a good candidate for stable. Acked-by: Paul Moore <paul.moore@xxxxxx> > --- > security/selinux/xfrm.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c > index fff78d3..728c57e 100644 > --- a/security/selinux/xfrm.c > +++ b/security/selinux/xfrm.c > @@ -208,7 +208,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp, > if (!uctx) > goto not_from_user; > > - if (uctx->ctx_doi != XFRM_SC_ALG_SELINUX) > + if (uctx->ctx_alg != XFRM_SC_ALG_SELINUX) > return -EINVAL; > > str_len = uctx->ctx_len; -- paul moore linux @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
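
Review bot: in the `@@ -208,7 +208,7 @@` hunk, once the comparison reads `uctx->ctx_alg != XFRM_SC_ALG_SELINUX`, nothing in the visible context of selinux_xfrm_sec_ctx_alloc validates `uctx->ctx_doi` any more, so a user-supplied context with an unexpected domain of interpretation would pass this test. If the DOI is not checked elsewhere, consider testing both fields in the same condition, for example `if (uctx->ctx_doi != XFRM_SC_DOI_LSM || uctx->ctx_alg != XFRM_SC_ALG_SELINUX)`. Otherwise, say in the commit message where the DOI is validated. Since stable is being suggested, the commit message would also benefit from one sentence on the practical effect of the old comparison, so backporters can judge the impact.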