SELinux: fix array out of bounds when mounting with selinux options
Given an illegal selinux option it was possible for match_token to work in random memory at the end of the match_table_t array. Note that privilege is required to perform a context mount, so this issue is effectively limited to root only. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
a88a8eff1e
commit
31e8793094
|
@ -316,6 +316,7 @@ static inline int inode_doinit(struct inode *inode)
|
|||
}
|
||||
|
||||
enum {
|
||||
Opt_error = -1,
|
||||
Opt_context = 1,
|
||||
Opt_fscontext = 2,
|
||||
Opt_defcontext = 4,
|
||||
|
@ -327,6 +328,7 @@ static match_table_t tokens = {
|
|||
{Opt_fscontext, "fscontext=%s"},
|
||||
{Opt_defcontext, "defcontext=%s"},
|
||||
{Opt_rootcontext, "rootcontext=%s"},
|
||||
{Opt_error, NULL},
|
||||
};
|
||||
|
||||
#define SEL_MOUNT_FAIL_MSG "SELinux: duplicate or incompatible mount options\n"
|
||||
|
|
Loading…
Reference in New Issue