selinux: ensure the context is NUL terminated in security_context_to_sid_core()
authorPaul Moore <paul@paul-moore.com>
Tue, 28 Nov 2017 23:51:12 +0000 (18:51 -0500)
committerPaul Moore <paul@paul-moore.com>
Tue, 28 Nov 2017 23:51:12 +0000 (18:51 -0500)
commitef28df55ac27e1e5cd122e19fa311d886d47a756
tree61410c34607ca1bdf625b74467f1811f947f5690
parent4f0753e708c2e07f6e9bc1adfa73138e8ab0ee5d
selinux: ensure the context is NUL terminated in security_context_to_sid_core()

The syzbot/syzkaller automated tests found a problem in
security_context_to_sid_core() during early boot (before we load the
SELinux policy) where we could potentially feed context strings without
NUL terminators into the strcmp() function.

We already guard against this during normal operation (after the SELinux
policy has been loaded) by making a copy of the context strings and
explicitly adding a NUL terminator to the end.  The patch extends this
protection to the early boot case (no loaded policy) by moving the context
copy earlier in security_context_to_sid_core().

Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Reviewed-By: William Roberts <william.c.roberts@intel.com>
security/selinux/ss/services.c