Loading security/selinux/selinuxfs.c +36 −1 Original line number Diff line number Diff line Loading @@ -29,6 +29,7 @@ #include <linux/audit.h> #include <linux/uaccess.h> #include <linux/kobject.h> #include <linux/ctype.h> /* selinuxfs pseudo filesystem for exporting the security policy API. Based on the proc code and the fs/nfsd/nfsctl.c code. */ Loading Loading @@ -751,6 +752,14 @@ out: return length; } static inline int hexcode_to_int(int code) { if (code == '\0' || !isxdigit(code)) return -1; if (isdigit(code)) return code - '0'; return tolower(code) - 'a' + 10; } static ssize_t sel_write_create(struct file *file, char *buf, size_t size) { char *scon = NULL, *tcon = NULL; Loading Loading @@ -785,8 +794,34 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size) nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf); if (nargs < 3 || nargs > 4) goto out; if (nargs == 4) if (nargs == 4) { /* * If and when the name of new object to be queried contains * either whitespace or multibyte characters, they shall be * encoded based on the percentage-encoding rule. * If not encoded, the sscanf logic picks up only left-half * of the supplied name; splitted by a whitespace unexpectedly. */ char *r, *w; int c1, c2; r = w = namebuf; do { c1 = *r++; if (c1 == '+') c1 = ' '; else if (c1 == '%') { if ((c1 = hexcode_to_int(*r++)) < 0) goto out; if ((c2 = hexcode_to_int(*r++)) < 0) goto out; c1 = (c1 << 4) | c2; } *w++ = c1; } while (c1 != '\0'); objname = namebuf; } length = security_context_to_sid(scon, strlen(scon) + 1, &ssid); if (length) Loading security/selinux/ss/policydb.c +3 −0 Original line number Diff line number Diff line Loading @@ -3222,6 +3222,9 @@ static int filename_trans_write(struct policydb *p, void *fp) __le32 buf[1]; int rc; if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) return 0; nel = 0; rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel); if (rc) Loading Loading
security/selinux/selinuxfs.c +36 −1 Original line number Diff line number Diff line Loading @@ -29,6 +29,7 @@ #include <linux/audit.h> #include <linux/uaccess.h> #include <linux/kobject.h> #include <linux/ctype.h> /* selinuxfs pseudo filesystem for exporting the security policy API. Based on the proc code and the fs/nfsd/nfsctl.c code. */ Loading Loading @@ -751,6 +752,14 @@ out: return length; } static inline int hexcode_to_int(int code) { if (code == '\0' || !isxdigit(code)) return -1; if (isdigit(code)) return code - '0'; return tolower(code) - 'a' + 10; } static ssize_t sel_write_create(struct file *file, char *buf, size_t size) { char *scon = NULL, *tcon = NULL; Loading Loading @@ -785,8 +794,34 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size) nargs = sscanf(buf, "%s %s %hu %s", scon, tcon, &tclass, namebuf); if (nargs < 3 || nargs > 4) goto out; if (nargs == 4) if (nargs == 4) { /* * If and when the name of new object to be queried contains * either whitespace or multibyte characters, they shall be * encoded based on the percentage-encoding rule. * If not encoded, the sscanf logic picks up only left-half * of the supplied name; splitted by a whitespace unexpectedly. */ char *r, *w; int c1, c2; r = w = namebuf; do { c1 = *r++; if (c1 == '+') c1 = ' '; else if (c1 == '%') { if ((c1 = hexcode_to_int(*r++)) < 0) goto out; if ((c2 = hexcode_to_int(*r++)) < 0) goto out; c1 = (c1 << 4) | c2; } *w++ = c1; } while (c1 != '\0'); objname = namebuf; } length = security_context_to_sid(scon, strlen(scon) + 1, &ssid); if (length) Loading
security/selinux/ss/policydb.c +3 −0 Original line number Diff line number Diff line Loading @@ -3222,6 +3222,9 @@ static int filename_trans_write(struct policydb *p, void *fp) __le32 buf[1]; int rc; if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) return 0; nel = 0; rc = hashtab_map(p->filename_trans, hashtab_cnt, &nel); if (rc) Loading
