Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
SELinux: fix array out of bounds when mounting with selinux options
Given an illegal selinux option it was possible for match_token to work in
random memory at the end of the match_table_t array.
Note that privilege is required to perform a context mount, so this issue is
effectively limited to root only.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
authored by
Eric Paris
and committed by
James Morris
31e87930
a88a8eff
+2
+2
security/selinux/hooks.c
+2
security/selinux/hooks.c
···
316
316
}
317
317
318
318
enum {
319
+
Opt_error = -1,
319
320
Opt_context = 1,
320
321
Opt_fscontext = 2,
321
322
Opt_defcontext = 4,
···
328
327
{Opt_fscontext, "fscontext=%s"},
329
328
{Opt_defcontext, "defcontext=%s"},
330
329
{Opt_rootcontext, "rootcontext=%s"},
330
+
{Opt_error, NULL},
331
331
};
332
332
333
333
#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"