selinux/stable-5.1 PR 20190312
-----BEGIN PGP SIGNATURE----- iQJIBAABCAAyFiEES0KozwfymdVUl37v6iDy2pc3iXMFAlyIOIMUHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQ6iDy2pc3iXMJQg//X8wOXFpzZhVav9bvuMfjg8OZ4R0K FxGo4L5A7LCYLqmbDL2pyEan4l8w7mXr3dlISLf5KbFSXo5Nm9zAyG57MfGg3rfI zIUkRbmp0V6sqg2lNDWhk5ntvtyl4qizgIFsAgfHFbKV0/usf5GiuaipUpVC3hXf QE/MKYLXdaibkkgDl3JWWxTiRBX6m2M0FEMmhiKGWNmu3cjhLQVUFJsR14JMtp1e Z8NDqT+8iHtbwZGl6Az0u1WauYqn0v2CXxnwr6O7mUJ+2PzgJzLI0OrTacTbfEw5 3uAHVGeHkZmLI5W0RUIJ0LeUs1XvCBFvUOktLP4f3iOFwqapQhY1dxJH07OViTem VbA1VX8i2fwMyYj9H4FpCsX09syNyFqRDJkP27VIGcl/3EZRGOTi9GO4ziV0y41N /DOhAJANbDASSvcxve1x/ZGp6qRlEzjpPXW9HljavFdOBXnQcnoT0k7t1I+m8knT E0+vgNCNO9azWo+0yK5PP2RFVOEBgrDzSd2JWjOYgVfSbzr/994zTpEHgFxL6D1t 8Kp4hMlfRCKTNY+Czg/cQx5wlKAUfcEltZPwqkH02b6OgiE/6J8oHDzHM76eBm7Z 4qSdKP5DqGbcuVt3bO1QRtsWC7zIVun2AvCOrpCdvjUFCDySZGOSQRGdrgfnpLYg 7lC0qkoXqvQvYgA= =A0xD -----END PGP SIGNATURE----- Merge tag 'selinux-pr-20190312' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux Pull selinux fixes from Paul Moore: "Two small fixes for SELinux in v5.1: one adds a buffer length check to the SELinux SCTP code, the other ensures that the SELinux labeling for a NFS mount is not disabled if the filesystem is mounted twice" * tag 'selinux-pr-20190312' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock selinux: add the missing walk_size + len check in selinux_sctp_bind_connect
commit
fa3d493f7a
|
@ -939,8 +939,11 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb,
|
|||
BUG_ON(!(oldsbsec->flags & SE_SBINITIALIZED));
|
||||
|
||||
/* if fs is reusing a sb, make sure that the contexts match */
|
||||
if (newsbsec->flags & SE_SBINITIALIZED)
|
||||
if (newsbsec->flags & SE_SBINITIALIZED) {
|
||||
if ((kern_flags & SECURITY_LSM_NATIVE_LABELS) && !set_context)
|
||||
*set_kern_flags |= SECURITY_LSM_NATIVE_LABELS;
|
||||
return selinux_cmp_sb_context(oldsb, newsb);
|
||||
}
|
||||
|
||||
mutex_lock(&newsbsec->lock);
|
||||
|
||||
|
@ -5134,6 +5137,9 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname,
|
|||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (walk_size + len > addrlen)
|
||||
return -EINVAL;
|
||||
|
||||
err = -EINVAL;
|
||||
switch (optname) {
|
||||
/* Bind checks */
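Review bot: The added `if (walk_size + len > addrlen)` guard in selinux_sctp_bind_connect bounds the whole address, but it appears to run only after `len` has been chosen. The code that picks `len` sits above this hunk and is not visible here; if it reads the address family from the caller-supplied buffer, that read needs its own bound, for example `if (walk_size + sizeof(sa_family_t) > addrlen) return -EINVAL;` placed ahead of it. Without such a bound, a trailing fragment shorter than the family field would still be read before this new check rejects it. I would also put a one-line comment on the guard, `/* the next address must fit entirely inside the caller-supplied buffer */`, because nothing in the hunk says what the check protects. The function body starts and ends outside the hunk, so the declarations and the loop that advances `walk_size` should be confirmed against the full file.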
|
||||
|
|