Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / fe1cb580e84865f3c6be99b952a626323228e781
commitfe1cb580e84865f3c6be99b952a626323228e781[log] [tgz]
authorPaul Moore <paul@paul-moore.com>Tue Nov 28 18:51:12 2017 -0500
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Sun Feb 25 11:05:41 2018 +0100
tree177d89b2c150129944b9c79e66c9f65ca89f7d8c
parent5cab144f072bdae16f37a06efb0dad210c7ff7bb [diff]
selinux: ensure the context is NUL terminated in security_context_to_sid_core()

commit ef28df55ac27e1e5cd122e19fa311d886d47a756 upstream.

The syzbot/syzkaller automated tests found a problem in
security_context_to_sid_core() during early boot (before we load the
SELinux policy) where we could potentially feed context strings without
NUL terminators into the strcmp() function.

We already guard against this during normal operation (after the SELinux
policy has been loaded) by making a copy of the context strings and
explicitly adding a NUL terminator to the end.  The patch extends this
protection to the early boot case (no loaded policy) by moving the context
copy earlier in security_context_to_sid_core().

Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Reviewed-By: William Roberts <william.c.roberts@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 file changed
tree: 177d89b2c150129944b9c79e66c9f65ca89f7d8c
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS