MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-08-21 16:31:14 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
v6.1.143
linux-yocto/security
History
Stephen Smalley 210a773703 selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len 
commit 86c8db86af upstream.

We should count the terminating NUL byte as part of the ctx_len.
Otherwise, UBSAN logs a warning:
  UBSAN: array-index-out-of-bounds in security/selinux/xfrm.c:99:14
  index 60 is out of range for type 'char [*]'

The allocation itself is correct so there is no actual out of bounds
indexing, just a warning.

Cc: stable@vger.kernel.org
Suggested-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/selinux/CAEjxPJ6tA5+LxsGfOJokzdPeRomBHjKLBVR6zbrg+_w3ZZbM3A@mail.gmail.com/
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-06-27 11:07:37 +01:00
..
apparmor apparmor: test: Fix memory leak for aa_unpack_strdup() 2024-12-14 19:53:59 +01:00
bpf bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 2024-10-17 15:21:27 +02:00
integrity ima: fix buffer overrun in ima_eventdigest_init_common 2024-11-22 15:37:31 +01:00
keys security/keys: fix slab-out-of-bounds in key_task_permission 2024-11-14 13:15:11 +01:00
landlock landlock: Add the errata interface 2025-04-25 10:44:02 +02:00
loadpin LoadPin: Ignore the "contents" argument of the LSM hooks 2022-12-31 13:33:07 +01:00
lockdown lockdown: ratelimit denial messages 2022-09-14 07:37:50 -04:00
safesetid safesetid: check size of policy writes 2025-02-21 13:49:31 +01:00
selinux selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len 2025-06-27 11:07:37 +01:00
smack smack: recognize ipv4 CIPSO w/o categories 2025-06-04 14:40:14 +02:00
tomoyo tomoyo: don't emit warning in tomoyo_write_control() 2025-02-21 13:49:31 +01:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
commoncap.c capabilities: fix potential memleak on error path from vfs_getxattr_alloc() 2022-10-28 06:44:33 -04:00
device_cgroup.c device_cgroup: Roll back to original exceptions after copy failure 2023-01-07 11:11:56 +01:00
inode.c
Kconfig proc: add config & param to block forcing mem writes 2024-10-17 15:21:39 +02:00
Kconfig.hardening randstruct: disable Clang 15 support 2023-02-25 11:25:43 +01:00
lsm_audit.c lsm: clean up redundant NULL pointer check 2022-08-15 22:44:01 -04:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
min_addr.c
security.c ima: Avoid blocking in RCU read-side critical section 2024-07-11 12:47:16 +02:00