Commit 8f82a688 authored Feb 23, 2011 by Steffen Klassert Committed by Eric Paris Feb 25, 2011

selinux: Fix check for xfrm selinux context algorithm



selinux_xfrm_sec_ctx_alloc accidentally checks the xfrm domain of
interpretation against the selinux context algorithm. This patch
fixes this by checking ctx_alg against the selinux context algorithm.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Eric Paris <eparis@redhat.com>

parent 4916ca40

security/selinux/xfrm.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -208,7 +208,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
		if (!uctx)
		goto not_from_user;

		if (uctx->ctx_doi != XFRM_SC_ALG_SELINUX)
		if (uctx->ctx_alg != XFRM_SC_ALG_SELINUX)
		return -EINVAL;

		str_len = uctx->ctx_len;