From: Linus Torvalds Date: Thu, 15 Nov 2018 17:26:09 +0000 (-0600) Subject: Merge tag 'selinux-pr-20181115' of git://git.kernel.org/pub/scm/linux/kernel/git... X-Git-Tag: v4.20-rc3~15 X-Git-Url: http://git.samba.org/samba.git/?p=sfrench%2Fcifs-2.6.git;a=commitdiff_plain;h=da5322e65940e4e8426613a8ff3d99a08b350a52;hp=282fd2a2adb487e97ef9cd757848b2112d7b8d0c Merge tag 'selinux-pr-20181115' of git://git./linux/kernel/git/pcmoore/selinux Pull SELinux fixes from Paul Moore: "Two small SELinux fixes for v4.20. Ondrej's patch adds a check on user input, and my patch ensures we don't look past the end of a buffer. Both patches are quite small and pass the selinux-testsuite" * tag 'selinux-pr-20181115' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: fix non-MLS handling in mls_context_to_sid() selinux: check length properly in SCTP bind hook --- diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 7ce683259357..a67459eb62d5 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5318,6 +5318,9 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname, addr_buf = address; while (walk_size < addrlen) { + if (walk_size + sizeof(sa_family_t) > addrlen) + return -EINVAL; + addr = addr_buf; switch (addr->sa_family) { case AF_UNSPEC: diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index 2fe459df3c85..b7efa2296969 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c @@ -245,9 +245,13 @@ int mls_context_to_sid(struct policydb *pol, char *rangep[2]; if (!pol->mls_enabled) { - if ((def_sid != SECSID_NULL && oldc) || (*scontext) == '\0') - return 0; - return -EINVAL; + /* + * With no MLS, only return -EINVAL if there is a MLS field + * and it did not come from an xattr. + */ + if (oldc && def_sid == SECSID_NULL) + return -EINVAL; + return 0; } /*