Eric Lee / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit a280b89982f48e9a32c6410a37419b12ca88af6b

Authored by James Morris
Committed by David S. Miller
1 parent e795d09250

[SECURITY] secmark: nul-terminate secdata 

The patch below fixes a problem in the iptables SECMARK target, where
the user-supplied 'selctx' string may not be nul-terminated.

From initial analysis, it seems that the strlen() called from
selinux_string_to_sid() could run until it arbitrarily finds a zero,
and possibly cause a kernel oops before then.

The impact of this appears limited because the operation requires
CAP_NET_ADMIN, which is essentially always root.  Also, the module is
not yet in wide use.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David S. Miller <davem@davemloft.net>

Showing 1 changed file with 2 additions and 0 deletions Side-by-side Diff

net/netfilter/xt_SECMARK.c
Diff comments   View file @ a280b89
... ... @@ -57,6 +57,8 @@
57 57 {
58 58 int err;
59 59 struct xt_secmark_target_selinux_info *sel = &info->u.sel;
  60 +
  61 + sel->selctx[SECMARK_SELCTX_MAX - 1] = '\0';
60 62  
61 63 err = selinux_string_to_sid(sel->selctx, &sel->selsid);
62 64 if (err) {