adulau/aha
1
0
Fork 0
mirror of https://github.com/adulau/aha.git synced 2025-01-01 05:36:24 +00:00
Code Issues Projects Releases Packages Wiki Activity

[SECURITY] secmark: nul-terminate secdata

Browse source 
The patch below fixes a problem in the iptables SECMARK target, where
the user-supplied 'selctx' string may not be nul-terminated.

From initial analysis, it seems that the strlen() called from
selinux_string_to_sid() could run until it arbitrarily finds a zero,
and possibly cause a kernel oops before then.

The impact of this appears limited because the operation requires
CAP_NET_ADMIN, which is essentially always root.  Also, the module is
not yet in wide use.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
James Morris 2006-07-30 20:46:38 -07:00 committed by David S. Miller
parent e795d09250
commit a280b89982
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net/netfilter/xt_SECMARK.c
View file

@ -57,6 +57,8 @@ static int checkentry_selinux(struct xt_secmark_target_info *info)
{
int err;
struct xt_secmark_target_selinux_info *sel = &info->u.sel;
sel->selctx[SECMARK_SELCTX_MAX - 1] = '\0';
err = selinux_string_to_sid(sel->selctx, &sel->selsid);
if (err) {