Merge tag 'selinux-pr-20180130' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Pull selinux updates from Paul Moore:
"A small pull request this time, just three patches, and one of these
is just a comment update (swap the FSF physical address for a URL).

The other two patches are small bug fixes found by szybot/syzkaller;
they individual patch descriptions should tell you all you ever wanted
to know"

* tag 'selinux-pr-20180130' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: skip bounded transition processing if the policy isn't loaded
selinux: ensure the context is NUL terminated in security_context_to_sid_core()
security: replace FSF address with web source in license notices

Linus Torvalds 8 years ago 2cfa1cd3 3dbc4f54

+13 -14

3 changed files

expand all

security

selinux

include

netlabel.h

netlabel.c

services.c

+1 -2

security/selinux/include/netlabel.h

··· 19 19 * the GNU General Public License for more details. 20 20 * 21 21 * You should have received a copy of the GNU General Public License 22 - * along with this program; if not, write to the Free Software 23 - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 22 + * along with this program. If not, see <http://www.gnu.org/licenses/>. 24 23 * 25 24 */ 26 25

+1 -2

security/selinux/netlabel.c

··· 22 22 * the GNU General Public License for more details. 23 23 * 24 24 * You should have received a copy of the GNU General Public License 25 - * along with this program; if not, write to the Free Software 26 - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 25 + * along with this program. If not, see <http://www.gnu.org/licenses/>. 27 26 * 28 27 */ 29 28

+11 -10

security/selinux/ss/services.c

··· 867 867 int index; 868 868 int rc; 869 869 870 + if (!ss_initialized) 871 + return 0; 872 + 870 873 read_lock(&policy_rwlock); 871 874 872 875 rc = -EINVAL; ··· 1416 1413 if (!scontext_len) 1417 1414 return -EINVAL; 1418 1415 1416 + /* Copy the string to allow changes and ensure a NUL terminator */ 1417 + scontext2 = kmemdup_nul(scontext, scontext_len, gfp_flags); 1418 + if (!scontext2) 1419 + return -ENOMEM; 1420 + 1419 1421 if (!ss_initialized) { 1420 1422 int i; 1421 1423 1422 1424 for (i = 1; i < SECINITSID_NUM; i++) { 1423 - if (!strcmp(initial_sid_to_string[i], scontext)) { 1425 + if (!strcmp(initial_sid_to_string[i], scontext2)) { 1424 1426 *sid = i; 1425 - return 0; 1427 + goto out; 1426 1428 } 1427 1429 } 1428 1430 *sid = SECINITSID_KERNEL; 1429 - return 0; 1431 + goto out; 1430 1432 } 1431 1433 *sid = SECSID_NULL; 1432 - 1433 - /* Copy the string so that we can modify the copy as we parse it. */ 1434 - scontext2 = kmalloc(scontext_len + 1, gfp_flags); 1435 - if (!scontext2) 1436 - return -ENOMEM; 1437 - memcpy(scontext2, scontext, scontext_len); 1438 - scontext2[scontext_len] = 0; 1439 1434 1440 1435 if (force) { 1441 1436 /* Save another copy for storing in uninterpreted form */