summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorSteffen Klassert <steffen.klassert@secunet.com>2011-02-23 14:54:33 +0300
committerEric Paris <eparis@redhat.com>2011-02-25 23:00:44 +0300
commit8f82a6880d8d03961181d973388e1df2772a8b24 (patch)
treeb2eb1374f143610dbf06a686fcfee6b77bff110b /security
parent4916ca401e3051dad326ddd69765bd0e3f32fb9b (diff)
downloadlinux-8f82a6880d8d03961181d973388e1df2772a8b24.tar.xz
selinux: Fix check for xfrm selinux context algorithm
selinux_xfrm_sec_ctx_alloc accidentally checks the xfrm domain of interpretation against the selinux context algorithm. This patch fixes this by checking ctx_alg against the selinux context algorithm. Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Acked-by: Paul Moore <paul.moore@hp.com> Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/xfrm.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index fff78d3b51a2..728c57e3d65d 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -208,7 +208,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
if (!uctx)
goto not_from_user;
- if (uctx->ctx_doi != XFRM_SC_ALG_SELINUX)
+ if (uctx->ctx_alg != XFRM_SC_ALG_SELINUX)
return -EINVAL;
str_len = uctx->ctx_len;