Gitweb:
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=31e879309474d1666d645b96de99d0b682fa055f
Commit: 31e879309474d1666d645b96de99d0b682fa055f
Parent: a88a8eff1e6e32d3288986a9d36c6a449c032d3a
Author: Eric Paris <[EMAIL PROTECTED]>
AuthorDate: Wed Sep 19 17:19:12 2007 -0400
Committer: James Morris <[EMAIL PROTECTED]>
CommitDate: Thu Sep 20 08:06:40 2007 +1000
SELinux: fix array out of bounds when mounting with selinux options
Given an illegal selinux option it was possible for match_token to work in
random memory at the end of the match_table_t array.
Note that privilege is required to perform a context mount, so this issue is
effectively limited to root only.
Signed-off-by: Eric Paris <[EMAIL PROTECTED]>
Acked-by: Stephen Smalley <[EMAIL PROTECTED]>
Signed-off-by: James Morris <[EMAIL PROTECTED]>
---
security/selinux/hooks.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 3694662..0753b20 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -316,6 +316,7 @@ static inline int inode_doinit(struct inode *inode)
}
enum {
+ Opt_error = -1,
Opt_context = 1,
Opt_fscontext = 2,
Opt_defcontext = 4,
@@ -327,6 +328,7 @@ static match_table_t tokens = {
{Opt_fscontext, "fscontext=%s"},
{Opt_defcontext, "defcontext=%s"},
{Opt_rootcontext, "rootcontext=%s"},
+ {Opt_error, NULL},
};
#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount
options\n"
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
