Merge tag 'selinux-pr-20181115' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull SELinux fixes from Paul Moore: "Two small SELinux fixes for v4.20. Ondrej's patch adds a check on user input, and my patch ensures we don't look past the end of a buffer. Both patches are quite small and pass the selinux-testsuite" * tag 'selinux-pr-20181115' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: fix non-MLS handling in mls_context_to_sid() selinux: check length properly in SCTP bind hook
author: Linus Torvalds <torvalds@linux-foundation.org> 2018-11-15 11:26:09 -0600
committer: Linus Torvalds <torvalds@linux-foundation.org> 2018-11-15 11:26:09 -0600
commit: da5322e65940e4e8426613a8ff3d99a08b350a52 (patch)
tree: 5e0b8036ee4a8646bd868cfc256908f87bc2f281 /security/selinux/hooks.c
parent: 282fd2a2adb487e97ef9cd757848b2112d7b8d0c (diff)
parent: 877181a8d9dc663f7a73f77f50af714d7888ec3b (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 7ce683259357..a67459eb62d5 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5318,6 +5318,9 @@ static int selinux_sctp_bind_connect(struct sock *sk, int optname,
 	addr_buf = address;
 
 	while (walk_size < addrlen) {
+		if (walk_size + sizeof(sa_family_t) > addrlen)
+			return -EINVAL;
+
 		addr = addr_buf;
 		switch (addr->sa_family) {
 		case AF_UNSPEC:
author	Linus Torvalds <torvalds@linux-foundation.org>	2018-11-15 11:26:09 -0600
committer	Linus Torvalds <torvalds@linux-foundation.org>	2018-11-15 11:26:09 -0600
commit	da5322e65940e4e8426613a8ff3d99a08b350a52 (patch)
tree	5e0b8036ee4a8646bd868cfc256908f87bc2f281 /security/selinux/hooks.c
parent	282fd2a2adb487e97ef9cd757848b2112d7b8d0c (diff)
parent	877181a8d9dc663f7a73f77f50af714d7888ec3b (diff)