author | Andrew Morton <akpm@osdl.org> | 2003-08-18 18:33:38 -0700 |
committer | Linus Torvalds <torvalds@home.osdl.org> | 2003-08-18 18:33:38 -0700 |
commit | ff95eddd7077cc1577c358d8cc0fef7033557de4 (patch) | |
tree | f5608e261f94362ac7d87da61a0bb5e5b593f02e /security | |
parent | 1c8141192585728fafe7a25250ae2b11b4693ac1 (diff) | |
download | history-ff95eddd7077cc1577c358d8cc0fef7033557de4.tar.gz |
[PATCH] SELinux check behavior value
From: Stephen Smalley <sds@epoch.ncsc.mil>
This patch fixes a bug in the SELinux module by adding a check of the
filesystem labeling behavior value obtained from the policy.
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/hooks.c | 12 | ||||
-rw-r--r-- | security/selinux/ss/policydb.c | 2 |
2 files changed, 11 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6321894561e04a..9083e09b6b4e85 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -313,9 +313,15 @@ static int superblock_doinit(struct super_block *sb)
 	sbsec->initialized = 1;
-	printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n",
-	       sb->s_id, sb->s_type->name,
-	       labeling_behaviors[sbsec->behavior-1]);
+	if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) {
+		printk(KERN_INFO "SELinux: initialized (dev %s, type %s), unknown behavior\n",
+		       sb->s_id, sb->s_type->name);
+	}
+	else {
+		printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n",
+		       sb->s_id, sb->s_type->name,
+		       labeling_behaviors[sbsec->behavior-1]);
+	}
 	/* Initialize the root inode. */
 	rc = inode_doinit_with_dentry(sb->s_root->d_inode, sb->s_root);
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index ace257310fa3a1..d1ffecbbd117d7 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -1301,6 +1301,8 @@ int policydb_read(struct policydb *p, void *fp)
 		if (!buf)
 			goto bad;
 		c->v.behavior = le32_to_cpu(buf[0]);
+		if (c->v.behavior > SECURITY_FS_USE_NONE)
+			goto bad;
 		len = le32_to_cpu(buf[1]);
 		buf = next_entry(fp, len);
 		if (!buf)
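Review bot: The new guard in superblock_doinit only bounds sbsec->behavior from above, yet the else branch still indexes `labeling_behaviors[sbsec->behavior-1]`, so a behavior value of 0 reads one element before the array. Whether 0 can reach this point depends on the policy loader (the policydb.c hunk in this same commit rejects only values above SECURITY_FS_USE_NONE) and on the declared type of sbsec->behavior, neither of which is visible here; if it is signed, the comparison against the size_t ARRAY_SIZE result is also worth a second look. The cheap fix is to make the log path self-contained: `if (sbsec->behavior == 0 || sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) {`. Kernel style would also put the else on the closing brace, `} else {`. superblock_doinit continues outside the hunk.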
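Review bot: The added range check in policydb_read rejects behavior values above SECURITY_FS_USE_NONE but has no lower bound, so a policy file carrying a behavior of 0 is still accepted even though the consumer in hooks.c subtracts 1 before indexing. Since this is the point where untrusted policy data is validated, it is the right place to enforce both ends of the range; if SECURITY_FS_USE_XATTR is the lowest defined behavior, `if (c->v.behavior < SECURITY_FS_USE_XATTR || c->v.behavior > SECURITY_FS_USE_NONE)` would do it. A one-line comment on the check, `/* reject behavior values the fs_use consumers cannot index */`, would record why the bound exists. policydb_read continues outside the hunk.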