Re: [PATCH] selinux: ensure the context is NULL terminated in security_context_to_sid_core()


 



On Thu, 30 Nov 2017, Paul Moore wrote:

> From: Paul Moore <paul@xxxxxxxxxxxxxx>
> 
> The syzbot/syzkaller automated tests found a problem in
> security_context_to_sid_core() during early boot (before we load the
> SELinux policy) where we could potentially feed context strings without
> NULL terminators into the strcmp() function.
> 
> We already guard against this during normal operation (after the SELinux
> policy has been loaded) by making a copy of the context strings and
> explicitly adding a NULL terminator to the end.  The patch extends this
> protection to the early boot case (no loaded policy) by moving the context
> copy earlier in security_context_to_sid_core().
> 
> Reported-by: syzbot <syzkaller@xxxxxxxxxxxxxxxx>
> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>


Reviewed-by: James Morris <james.l.morris@xxxxxxxxxx>


-- 
James Morris
<james.l.morris@xxxxxxxxxx>
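
The copy-then-terminate pattern the commit message describes, as an added userspace example that is not part of this thread or the kernel source. The names `demo_lookup`, `demo_names`, `demo_raw` and the `DEMO_*` constants are hypothetical, and `malloc`/`memcpy` stand in for the kernel's allocation helpers.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the initial SID name table (hypothetical values). */
static const char *const demo_names[] = { NULL, "kernel", "security", "unlabeled" };
#define DEMO_NUM ((int)(sizeof(demo_names) / sizeof(demo_names[0])))
#define DEMO_DEFAULT 1      /* fallback when no name matches */
#define DEMO_MAX_LEN 4096   /* arbitrary cap so len + 1 cannot wrap */

/* Constructed input: "security" followed by adjacent bytes and no NUL anywhere. */
static const char demo_raw[10] = { 's','e','c','u','r','i','t','y','X','X' };

/*
 * Map a length-delimited context to an index in demo_names.
 * The caller's buffer is never handed to strcmp(); only the terminated copy is.
 * Returns the index, or a negative errno value.
 */
int demo_lookup(const char *ctx, size_t len)
{
    char *copy;
    int i, sid = DEMO_DEFAULT;

    if (!ctx || len == 0 || len > DEMO_MAX_LEN)
        return -EINVAL;

    copy = malloc(len + 1);
    if (!copy)
        return -ENOMEM;
    memcpy(copy, ctx, len);     /* read exactly len bytes, no more */
    copy[len] = '\0';           /* terminator the caller did not supply */

    for (i = 1; i < DEMO_NUM; i++) {
        if (strcmp(demo_names[i], copy) == 0) {
            sid = i;
            break;
        }
    }
    free(copy);
    return sid;
}

int main(void)
{
    printf("len 8  -> %d\n", demo_lookup(demo_raw, 8));
    printf("len 10 -> %d\n", demo_lookup(demo_raw, 10));
    return 0;
}
```

Because the copy is made before any comparison, the same bounded read applies whichever branch performs the `strcmp()`.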




