Merge tag 'selinux-pr-20180530' of git://git.kernel.org/pub/scm/linux/kernel/git...

Pull SELinux fix from Paul Moore:
 "One more small fix for SELinux: a small string length fix found by
  KASAN.

  I dislike sending patches this late in the release cycle, but this
  patch fixes a legitimate problem, is very small, limited in scope, and
  well understood.

  There are two threads with more information on the problem, the latest
  is linked below:

    https://marc.info/?t=152723737400001&r=1&w=2

  Stephen points out in the thread linked above:

   'Such a setxattr() call can only be performed by a process with
    CAP_MAC_ADMIN that is also allowed mac_admin permission in SELinux
    policy. Consequently, this is never possible on Android (no process
    is allowed mac_admin permission, always enforcing) and is only
    possible in Fedora/RHEL for a few domains (if enforcing)'"

* tag 'selinux-pr-20180530' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: KASAN: slab-out-of-bounds in xattr_getsecurity

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 8057e19dc15fc98b212817ff72c425f7b715ab12..3ce225e3f142f494d0bfb8a5c87f6dbe511021ab 100644 (file)
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1494,7 +1494,7 @@ static int security_context_to_sid_core(struct selinux_state *state,
                                      scontext_len, &context, def_sid);
        if (rc == -EINVAL && force) {
                context.str = str;
-               context.len = scontext_len;
+               context.len = strlen(str) + 1;
                str = NULL;
        } else if (rc)
                goto out_unlock;