Commit 8f82a6880d8d03961181d973388e1df2772a8b24

Authored by Steffen Klassert
Committed by Eric Paris
1 parent 4916ca401e

selinux: Fix check for xfrm selinux context algorithm

selinux_xfrm_sec_ctx_alloc accidentally checks the xfrm domain of
interpretation against the selinux context algorithm. This patch
fixes this by checking ctx_alg against the selinux context algorithm.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Eric Paris <eparis@redhat.com>

Showing 1 changed file with 1 additions and 1 deletions

security/selinux/xfrm.c
... ... @@ -208,7 +208,7 @@
208 208 if (!uctx)
209 209 goto not_from_user;
210 210  
211   - if (uctx->ctx_doi != XFRM_SC_ALG_SELINUX)
  211 + if (uctx->ctx_alg != XFRM_SC_ALG_SELINUX)
212 212 return -EINVAL;
213 213  
214 214 str_len = uctx->ctx_len;
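Review bot: With the comparison at line 211 switched from `uctx->ctx_doi` to `uctx->ctx_alg`, nothing in the visible lines validates `uctx->ctx_doi` any more, so a user-supplied context with an arbitrary domain of interpretation gets past this check. Consider rejecting both in the same test, comparing `ctx_doi` against the DOI constant (`XFRM_SC_DOI_LSM` in the xfrm headers) and `ctx_alg` against `XFRM_SC_ALG_SELINUX`, and returning `-EINVAL` if either does not match. It is also worth confirming whether `ctx_doi` is copied into the allocated context further down in the function, since in that case an unchecked value would be stored as-is.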