summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2007-09-20 01:19:12 +0400
committerJames Morris <jmorris@namei.org>2007-09-20 02:06:40 +0400
commit31e879309474d1666d645b96de99d0b682fa055f (patch)
treebb9d45dc85e03044b5ee7635f3646774bcbb30d4 /security
parenta88a8eff1e6e32d3288986a9d36c6a449c032d3a (diff)
downloadlinux-31e879309474d1666d645b96de99d0b682fa055f.tar.xz
SELinux: fix array out of bounds when mounting with selinux options
Given an illegal selinux option it was possible for match_token to work in random memory at the end of the match_table_t array. Note that privilege is required to perform a context mount, so this issue is effectively limited to root only. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 36946629b6ca..0753b20e23fe 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -316,6 +316,7 @@ static inline int inode_doinit(struct inode *inode)
}
enum {
+ Opt_error = -1,
Opt_context = 1,
Opt_fscontext = 2,
Opt_defcontext = 4,
@@ -327,6 +328,7 @@ static match_table_t tokens = {
{Opt_fscontext, "fscontext=%s"},
{Opt_defcontext, "defcontext=%s"},
{Opt_rootcontext, "rootcontext=%s"},
+ {Opt_error, NULL},
};
#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"