Commit c36f74e6 authored Feb 24, 2010 by Joshua Roys Committed by James Morris Feb 25, 2010

netlabel: fix export of SELinux categories > 127



This fixes corrupted CIPSO packets when SELinux categories greater than 127
are used.  The bug occured on the second (and later) loops through the
while; the inner for loop through the ebitmap->maps array used the same
index as the NetLabel catmap->bitmap array, even though the NetLabel bitmap
is twice as long as the SELinux bitmap.

Signed-off-by: Joshua Roys <joshua.roys@gtri.gatech.edu>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>

parent baac35c4

security/selinux/ss/ebitmap.c

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -128,7 +128,7 @@ int ebitmap_netlbl_export(struct ebitmap *ebmap,
	cmap_idx = delta / NETLBL_CATMAP_MAPSIZE;		cmap_idx = delta / NETLBL_CATMAP_MAPSIZE;
	cmap_sft = delta % NETLBL_CATMAP_MAPSIZE;		cmap_sft = delta % NETLBL_CATMAP_MAPSIZE;
	c_iter->bitmap[cmap_idx]		c_iter->bitmap[cmap_idx]
	\|= e_iter->maps[cmap_idx] << cmap_sft;		\|= e_iter->maps[i] << cmap_sft;
	}		}
	e_iter = e_iter->next;		e_iter = e_iter->next;
	}		}