diff options
| author | Eric Paris <[email protected]> | 2007-09-19 21:19:12 +0000 |
|---|---|---|
| committer | James Morris <[email protected]> | 2007-09-19 22:06:40 +0000 |
| commit | 31e879309474d1666d645b96de99d0b682fa055f (patch) | |
| tree | bb9d45dc85e03044b5ee7635f3646774bcbb30d4 /security/selinux/hooks.c | |
| parent | Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus (diff) | |
| download | kernel-31e879309474d1666d645b96de99d0b682fa055f.tar.gz kernel-31e879309474d1666d645b96de99d0b682fa055f.zip | |
SELinux: fix array out of bounds when mounting with selinux options
Given an illegal selinux option it was possible for match_token to work in
random memory at the end of the match_table_t array.
Note that privilege is required to perform a context mount, so this issue is
effectively limited to root only.
Signed-off-by: Eric Paris <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
Signed-off-by: James Morris <[email protected]>
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 36946629b6ca..0753b20e23fe 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -316,6 +316,7 @@ static inline int inode_doinit(struct inode *inode) } enum { + Opt_error = -1, Opt_context = 1, Opt_fscontext = 2, Opt_defcontext = 4, @@ -327,6 +328,7 @@ static match_table_t tokens = { {Opt_fscontext, "fscontext=%s"}, {Opt_defcontext, "defcontext=%s"}, {Opt_rootcontext, "rootcontext=%s"}, + {Opt_error, NULL}, }; #define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n" |