summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-06-09 15:43:12 -0400
committerJames Morris <jmorris@namei.org>2008-07-14 15:01:58 +1000
commitcea78dc4ca044e9666e8f5d797ec50ab85253e49 (patch)
tree3aa8608428774602db2550cd684bef26a9812b5d
parentbdd581c1439339f1d3e8446b83e0f1beaef294e9 (diff)
downloadlinux-cea78dc4ca044e9666e8f5d797ec50ab85253e49.tar.bz2
SELinux: fix off by 1 reference of class_to_string in context_struct_compute_av
The class_to_string array is referenced by tclass. My code mistakenly was using tclass - 1. If the proceeding class is a userspace class rather than kernel class this may cause a denial/EINVAL even if unknown handling is set to allow. The bug shouldn't be allowing excess privileges since those are given based on the contents of another array which should be correctly referenced. At this point in time its pretty unlikely this is going to cause problems. The most recently added kernel classes which could be affected are association, dccp_socket, and peer. Its pretty unlikely any policy with handle_unknown=allow doesn't have association and dccp_socket undefined (they've been around longer than unknown handling) and peer is conditionalized on a policy cap which should only be defined if that class exists in policy. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/selinux/ss/services.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index d06df335ee7b..f26a8cad06e7 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -325,7 +325,7 @@ static int context_struct_compute_av(struct context *scontext,
goto inval_class;
if (unlikely(tclass > policydb.p_classes.nprim))
if (tclass > kdefs->cts_len ||
- !kdefs->class_to_string[tclass - 1] ||
+ !kdefs->class_to_string[tclass] ||
!policydb.allow_unknown)
goto inval_class;