SELinux: NULL terminate al contexts from disk When a context is pulled in from disk we don't know that it is null terminated. This patch forecebly null terminates contexts when we pull them from disk. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>

commit: 4cb912f1d1447077160ace9ce3b3a10696dd74e5 [log] [tgz]
author: Eric Paris <eparis@redhat.com> Thu Feb 12 14:50:05 2009 -0500
committer: James Morris <jmorris@namei.org> Sat Feb 14 09:22:30 2009 +1100
tree: 916f112de07ca626b0f398a0fc85943f15306146
parent: 4ba0a8ad63e12a03ae01c039482967cc496b9174 [diff] [blame]
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index aebcfad..309648c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c

@@ -1270,12 +1270,13 @@
 		}
 
 		len = INITCONTEXTLEN;
-		context = kmalloc(len, GFP_NOFS);
+		context = kmalloc(len+1, GFP_NOFS);
 		if (!context) {
 			rc = -ENOMEM;
 			dput(dentry);
 			goto out_unlock;
 		}
+		context[len] = '\0';
 		rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
 					   context, len);
 		if (rc == -ERANGE) {
@@ -1288,12 +1289,13 @@
 			}
 			kfree(context);
 			len = rc;
-			context = kmalloc(len, GFP_NOFS);
+			context = kmalloc(len+1, GFP_NOFS);
 			if (!context) {
 				rc = -ENOMEM;
 				dput(dentry);
 				goto out_unlock;
 			}
+			context[len] = '\0';
 			rc = inode->i_op->getxattr(dentry,
 						   XATTR_NAME_SELINUX,
 						   context, len);
commit	4cb912f1d1447077160ace9ce3b3a10696dd74e5	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Thu Feb 12 14:50:05 2009 -0500
committer	James Morris <jmorris@namei.org>	Sat Feb 14 09:22:30 2009 +1100
tree	916f112de07ca626b0f398a0fc85943f15306146
parent	4ba0a8ad63e12a03ae01c039482967cc496b9174 [diff] [blame]