SELinux: null-terminate context string in selinux_xfrm_sec_ctx_alloc

xfrm_audit_log() expects the context string to be null-terminated which currently doesn't happen with user-supplied contexts. Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
author: Venkat Yekkirala <vyekkirala@trustedcs.com> 2007-07-24 09:53:23 -0500
committer: James Morris <jmorris@namei.org> 2007-07-25 12:49:41 -0400
commit: 910949a66839ff5f59fede5b7cb68ecf1453e22c (patch)
tree: 6842924dba1c4af0397d06aa4b6363e8c26c220e /security/selinux
parent: 0de085bb474f64e4fdb2f1ff3268590792648c7b (diff)
download: olio-linux-3.10-910949a66839ff5f59fede5b7cb68ecf1453e22c.tar.xz
olio-linux-3.10-910949a66839ff5f59fede5b7cb68ecf1453e22c.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index bd8d1ef40a9..ba715f40b65 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -216,7 +216,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
 		return -ENOMEM;
 
 	*ctxp = ctx = kmalloc(sizeof(*ctx) +
-			      uctx->ctx_len,
+			      uctx->ctx_len + 1,
 			      GFP_KERNEL);
 
 	if (!ctx)
@@ -229,6 +229,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
 	memcpy(ctx->ctx_str,
 	       uctx+1,
 	       ctx->ctx_len);
+	ctx->ctx_str[ctx->ctx_len] = 0;
 	rc = security_context_to_sid(ctx->ctx_str,
 				     ctx->ctx_len,
 				     &ctx->ctx_sid);
author	Venkat Yekkirala <vyekkirala@trustedcs.com>	2007-07-24 09:53:23 -0500
committer	James Morris <jmorris@namei.org>	2007-07-25 12:49:41 -0400
commit	910949a66839ff5f59fede5b7cb68ecf1453e22c (patch)
tree	6842924dba1c4af0397d06aa4b6363e8c26c220e /security/selinux
parent	0de085bb474f64e4fdb2f1ff3268590792648c7b (diff)
download	olio-linux-3.10-910949a66839ff5f59fede5b7cb68ecf1453e22c.tar.xz olio-linux-3.10-910949a66839ff5f59fede5b7cb68ecf1453e22c.zip