Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2ef45916 authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'selinux-pr-20191007' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux 

Pull selinuxfix from Paul Moore:
 "One patch to ensure we don't copy bad memory up into userspace"

* tag 'selinux-pr-20191007' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: fix context string corruption in convert_context()
parents f54e66ae 2a524393

security/selinux/ss/services.c

+8 −1
Original line number Diff line number Diff line
@@ -1946,7 +1946,14 @@ static int convert_context(struct context *oldc, struct context *newc, void *p) 
		rc = string_to_context_struct(args->newp, NULL, s,

					      newc, SECSID_NULL);

		if (rc == -EINVAL) {

			/* Retain string representation for later mapping. */

			/*

			 * Retain string representation for later mapping.

			 *

			 * IMPORTANT: We need to copy the contents of oldc->str

			 * back into s again because string_to_context_struct()

			 * may have garbled it.

			 */

			memcpy(s, oldc->str, oldc->len);

			context_init(newc);

			newc->str = s;

			newc->len = oldc->len;