Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / a280b89982f48e9a32c6410a37419b12ca88af6b
commita280b89982f48e9a32c6410a37419b12ca88af6b[log] [tgz]
authorJames Morris <jmorris@namei.org>Sun Jul 30 20:46:38 2006 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>Wed Aug 02 13:38:23 2006 -0700
treebf9cf034ed75a492bf84a73b7be75d94f2782e50
parente795d092507d571d66f2ec98d3efdc7dd284bf80 [diff]
[SECURITY] secmark: nul-terminate secdata

The patch below fixes a problem in the iptables SECMARK target, where
the user-supplied 'selctx' string may not be nul-terminated.

From initial analysis, it seems that the strlen() called from
selinux_string_to_sid() could run until it arbitrarily finds a zero,
and possibly cause a kernel oops before then.

The impact of this appears limited because the operation requires
CAP_NET_ADMIN, which is essentially always root.  Also, the module is
not yet in wide use.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 file changed
tree: bf9cf034ed75a492bf84a73b7be75d94f2782e50
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. fs/
  7. include/
  8. init/
  9. ipc/
  10. kernel/
  11. lib/
  12. mm/
  13. net/
  14. scripts/
  15. security/
  16. sound/
  17. usr/
  18. .gitignore
  19. COPYING
  20. CREDITS
  21. Kbuild
  22. MAINTAINERS
  23. Makefile
  24. README
  25. REPORTING-BUGS