From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch changes security_context_to_sid to check the length of the
processed security context against the full length of the provided context,
rejecting any further data.

Signed-off-by:  Stephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/security/selinux/ss/mls.c      |    2 +-
 25-akpm/security/selinux/ss/services.c |    5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff -puN security/selinux/ss/mls.c~selinux-check-processed-security-context-length security/selinux/ss/mls.c
--- 25/security/selinux/ss/mls.c~selinux-check-processed-security-context-length	Tue Jun  1 16:29:47 2004
+++ 25-akpm/security/selinux/ss/mls.c	Tue Jun  1 16:29:47 2004
@@ -290,7 +290,7 @@ int mls_context_to_sid(char oldc,
 		if (rc)
 			goto out;
 	}
-	*scontext = p;
+	*scontext = ++p;
 	rc = 0;
 out:
 	return rc;
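Review bot: The `++p` folded into `*scontext = ++p;` encodes an unwritten convention: on success the caller's pointer is left one past the terminator of the last MLS field, which the new length check in security_context_to_sid depends on. I would split the statement and document it, e.g. `p++; /* step past the terminator; caller compares consumed length with scontext_len */` followed by `*scontext = p;`. The body of mls_context_to_sid starts outside the hunk, so it is not visible whether p always rests on a terminator inside the buffer here, or whether every successful return passes through this line. Both are worth confirming, since a success path that skips the increment would presumably leave the caller's consumed count one short and could make a valid context fail the new check.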
diff -puN security/selinux/ss/services.c~selinux-check-processed-security-context-length security/selinux/ss/services.c
--- 25/security/selinux/ss/services.c~selinux-check-processed-security-context-length	Tue Jun  1 16:29:47 2004
+++ 25-akpm/security/selinux/ss/services.c	Tue Jun  1 16:29:47 2004
@@ -532,6 +532,11 @@ int security_context_to_sid(char *sconte
 	if (rc)
 		goto out_unlock;
 
+	if ((p - scontext2) < scontext_len) {
+		rc = -EINVAL;
+		goto out_unlock;
+	}
+
 	/* Check the validity of the new context. */
 	if (!policydb_context_isvalid(&policydb, &context)) {
 		rc = -EINVAL;
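Review bot: The added test `(p - scontext2) < scontext_len` carries no comment, and its intent is easy to miss: it rejects a context whose parsed portion ends before the supplied length, that is, bytes following an embedded terminator. Presumably the aim is that a label with trailing data can no longer resolve to the same SID as the clean label. A line such as `/* Reject trailing data: the whole supplied context must have been consumed. */` above the `if` would record that, along with the assumption that p points one past the last terminator. The comparison also mixes a signed pointer difference with scontext_len, whose declaration is outside the hunk; if it is unsigned, an explicit cast or a local consumed-length variable would keep the comparison sign-clean. security_context_to_sid starts and ends outside the hunk.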
_