sugar/linux
1
0
Fork 0
Code Activity

Merge tag 'selinux-pr-20190312' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Browse Source 
Pull selinux fixes from Paul Moore:
 "Two small fixes for SELinux in v5.1: one adds a buffer length check to
  the SELinux SCTP code, the other ensures that the SELinux labeling for
  a NFS mount is not disabled if the filesystem is mounted twice"

* tag 'selinux-pr-20190312' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock
  selinux: add the missing walk_size + len check in selinux_sctp_bind_connect
This commit is contained in:
Linus Torvalds
2019-03-13 11:10:42 -07:00
parent 8636b1dbce 3815a245b5
commit fa3d493f7a
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
security/selinux/hooks.c
View File

@@ -939,8 +939,11 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED)); BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
/* if fs is reusing a sb, make sure that the contexts match */ /* if fs is reusing a sb, make sure that the contexts match */
if (newsbsec->flags & SE_SBINITIALIZED) if (newsbsec->flags & SE_SBINITIALIZED) {
if ((kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context)
*set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
return selinux_cmp_sb_context(oldsb, newsb); return selinux_cmp_sb_context(oldsb, newsb);
}
mutex_lock(&newsbsec->lock); mutex_lock(&newsbsec->lock);
@@ -5134,6 +5137,9 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname,
return -EINVAL; return -EINVAL;
} }
if (walk_size + len > addrlen)
return -EINVAL;
err = -EINVAL; err = -EINVAL;
switch (optname) { switch (optname) {
/* Bind checks */ /* Bind checks */