git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Paul Moore <paul@paul-moore.com>
	Tue, 28 Nov 2017 23:51:12 +0000 (18:51 -0500)
committer	Seth Forshee <seth.forshee@canonical.com>
	Wed, 28 Feb 2018 14:46:32 +0000 (08:46 -0600)
commit	2978403484f9fda9c70206bb9093ea1ae2fe1246
tree	e8383368309a0774cf8ec7b731c7e528715ca51f	tree
parent	a0a918ff4865586a82ff2b5fc6c6afc157821824	commit \| diff

selinux: ensure the context is NUL terminated in security_context_to_sid_core()

BugLink: http://bugs.launchpad.net/bugs/1752119
commit ef28df55ac27e1e5cd122e19fa311d886d47a756 upstream.

The syzbot/syzkaller automated tests found a problem in
security_context_to_sid_core() during early boot (before we load the
SELinux policy) where we could potentially feed context strings without
NUL terminators into the strcmp() function.

We already guard against this during normal operation (after the SELinux
policy has been loaded) by making a copy of the context strings and
explicitly adding a NUL terminator to the end. The patch extends this
protection to the early boot case (no loaded policy) by moving the context
copy earlier in security_context_to_sid_core().

Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Reviewed-By: William Roberts <william.c.roberts@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>