lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

selinux: Fix check for xfrm selinux context algorithm

Browse Source 
selinux_xfrm_sec_ctx_alloc accidentally checks the xfrm domain of
interpretation against the selinux context algorithm. This patch
fixes this by checking ctx_alg against the selinux context algorithm.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
Steffen Klassert
2011-02-23 12:54:33 +01:00
committed by Eric Paris
parent 4916ca401e
commit 8f82a6880d
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
security/selinux/xfrm.c
View File

@@ -208,7 +208,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
if (!uctx) if (!uctx)
goto not_from_user; goto not_from_user;
if (uctx->ctx_doi != XFRM_SC_ALG_SELINUX) if (uctx->ctx_alg != XFRM_SC_ALG_SELINUX)
return -EINVAL; return -EINVAL;
str_len = uctx->ctx_len; str_len = uctx->ctx_len;