From: James Morris <jmorris@namei.org>
Date: Mon, 31 Jul 2006 03:46:38 +0000 (-0700)
Subject: [SECURITY] secmark: nul-terminate secdata
X-Git-Tag: v2.6.18-rc4~65^2~16
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a280b89982f48e9a32c6410a37419b12ca88af6b;p=pandora-kernel.git

[SECURITY] secmark: nul-terminate secdata

The patch below fixes a problem in the iptables SECMARK target, where
the user-supplied 'selctx' string may not be nul-terminated.

From initial analysis, it seems that the strlen() called from
selinux_string_to_sid() could run until it arbitrarily finds a zero,
and possibly cause a kernel oops before then.

The impact of this appears limited because the operation requires
CAP_NET_ADMIN, which is essentially always root.  Also, the module is
not yet in wide use.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed