selinux: Fix an uninitialized variable BUG/panic in selinux_secattr_to_sid()

At some point during the 2.6.27 development cycle two new fields were added
to the SELinux context structure, a string pointer and a length field. The
code in selinux_secattr_to_sid() was not modified and as a result these two
fields were left uninitialized which could result in erratic behavior,
including kernel panics, when NetLabel is used. This patch fixes the
problem by fully initializing the context in selinux_secattr_to_sid() before
use and reducing the level of direct context manipulation done to help
prevent future problems.

Please apply this to the 2.6.27-rcX release stream.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>

authored by Paul Moore and committed by James Morris 3040a6d5 b5ff7df3

+4 -7
security/selinux/ss/services.c
··· 2737 2737 if (ctx == NULL) 2738 2738 goto netlbl_secattr_to_sid_return; 2739 2739 2740 + context_init(&ctx_new); 2740 2741 ctx_new.user = ctx->user; 2741 2742 ctx_new.role = ctx->role; 2742 2743 ctx_new.type = ctx->type; ··· 2746 2745 if (ebitmap_netlbl_import(&ctx_new.range.level[0].cat, 2747 2746 secattr->attr.mls.cat) != 0) 2748 2747 goto netlbl_secattr_to_sid_return; 2749 - ctx_new.range.level[1].cat.highbit = 2750 - ctx_new.range.level[0].cat.highbit; 2751 - ctx_new.range.level[1].cat.node = 2752 - ctx_new.range.level[0].cat.node; 2753 - } else { 2754 - ebitmap_init(&ctx_new.range.level[0].cat); 2755 - ebitmap_init(&ctx_new.range.level[1].cat); 2748 + memcpy(&ctx_new.range.level[1].cat, 2749 + &ctx_new.range.level[0].cat, 2750 + sizeof(ctx_new.range.level[0].cat)); 2756 2751 } 2757 2752 if (mls_context_isvalid(&policydb, &ctx_new) != 1) 2758 2753 goto netlbl_secattr_to_sid_return_cleanup;
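Review bot: In the first hunk, context_init(&ctx_new) runs only after the `ctx == NULL` check, so ctx_new is still uninitialized on any earlier exit. The visible early exit goes to netlbl_secattr_to_sid_return, not to netlbl_secattr_to_sid_return_cleanup, which is fine as long as no jump to the cleanup label can occur before this call. Please confirm that, or move the call to the top of the function so the ordering cannot regress. A one-line comment that context_init() must precede every direct assignment to ctx_new would also record why the call is there, since the commit message ties the bug to fields that the field-by-field setup never touched.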
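Review bot: In the second hunk, the memcpy() into ctx_new.range.level[1].cat is a shallow copy, so level[1].cat ends up sharing level[0].cat's node pointer, exactly as the removed `.node = .node` assignment did. The path through netlbl_secattr_to_sid_return_cleanup must therefore release only one of the two ebitmaps; a short comment stating that the alias is intentional and which level owns the nodes would help the next reader. Also note that dropping the else branch with the two ebitmap_init() calls makes this hunk depend on context_init() from the first hunk leaving both cat ebitmaps in the same state ebitmap_init() would; that dependency deserves a mention in the comment as well.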