selinux: Fix check for xfrm selinux context algorithm selinux_xfrm_sec_ctx_alloc accidentally checks the xfrm domain of interpretation against the selinux context algorithm. This patch fixes this by checking ctx_alg against the selinux context algorithm. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Eric Paris <eparis@redhat.com>

commit: 8f82a6880d8d03961181d973388e1df2772a8b24 [log] [tgz]
author: Steffen Klassert <steffen.klassert@secunet.com> Wed Feb 23 12:54:33 2011 +0100
committer: Eric Paris <eparis@redhat.com> Fri Feb 25 15:00:44 2011 -0500
tree: b2eb1374f143610dbf06a686fcfee6b77bff110b
parent: 4916ca401e3051dad326ddd69765bd0e3f32fb9b [diff] [blame]
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index fff78d3..728c57e 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c

@@ -208,7 +208,7 @@
 	if (!uctx)
 		goto not_from_user;
 
-	if (uctx->ctx_doi != XFRM_SC_ALG_SELINUX)
+	if (uctx->ctx_alg != XFRM_SC_ALG_SELINUX)
 		return -EINVAL;
 
 	str_len = uctx->ctx_len;
commit	8f82a6880d8d03961181d973388e1df2772a8b24	[log] [tgz]
author	Steffen Klassert <steffen.klassert@secunet.com>	Wed Feb 23 12:54:33 2011 +0100
committer	Eric Paris <eparis@redhat.com>	Fri Feb 25 15:00:44 2011 -0500
tree	b2eb1374f143610dbf06a686fcfee6b77bff110b
parent	4916ca401e3051dad326ddd69765bd0e3f32fb9b [diff] [blame]