From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Wed, 23 Feb 2011 11:54:33 +0000 (+0100)
Subject: selinux: Fix check for xfrm selinux context algorithm
X-Git-Tag: Ubuntu-goldfish-3.4.0-4.27~3091^2^2~27^2~9
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=8f82a6880d8d03961181d973388e1df2772a8b24;p=mirror_ubuntu-zesty-kernel.git

selinux: Fix check for xfrm selinux context algorithm

selinux_xfrm_sec_ctx_alloc accidentally checks the xfrm domain of
interpretation against the selinux context algorithm. This patch
fixes this by checking ctx_alg against the selinux context algorithm.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
---

diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index fff78d3b51a2..728c57e3d65d 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -208,7 +208,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
 	if (!uctx)
 		goto not_from_user;
 
-	if (uctx->ctx_doi != XFRM_SC_ALG_SELINUX)
+	if (uctx->ctx_alg != XFRM_SC_ALG_SELINUX)
 		return -EINVAL;
 
 	str_len = uctx->ctx_len;