MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-08-21 16:31:14 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
v6.12.36
linux-yocto/security
History
Stephen Smalley 870dd7e784 selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len 
commit 86c8db86af upstream.

We should count the terminating NUL byte as part of the ctx_len.
Otherwise, UBSAN logs a warning:
  UBSAN: array-index-out-of-bounds in security/selinux/xfrm.c:99:14
  index 60 is out of range for type 'char [*]'

The allocation itself is correct so there is no actual out of bounds
indexing, just a warning.

Cc: stable@vger.kernel.org
Suggested-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/selinux/CAEjxPJ6tA5+LxsGfOJokzdPeRomBHjKLBVR6zbrg+_w3ZZbM3A@mail.gmail.com/
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-06-27 11:11:38 +01:00
..
apparmor apparmor: allocate xmatch for nullpdb inside aa_alloc_null 2025-01-23 17:23:05 +01:00
bpf bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 2024-09-11 10:11:36 -07:00
integrity ima: process_measurement() needlessly takes inode_lock() on MAY_READ 2025-05-29 11:02:00 +02:00
ipe ipe: fallback to platform keyring also if key in trusted keyring is rejected 2024-10-18 12:14:53 -07:00
keys keys: Fix UAF in key_put() 2025-03-28 22:03:30 +01:00
landlock landlock: Prepare to add second errata 2025-04-20 10:15:56 +02:00
loadpin introduce fd_file(), convert all accessors to it. 2024-08-12 22:00:43 -04:00
lockdown lockdown: Make lockdown_lsmid static 2024-08-15 12:11:42 -04:00
safesetid safesetid: check size of policy writes 2025-02-17 10:04:49 +01:00
selinux selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len 2025-06-27 11:11:38 +01:00
smack smack: Revert "smackfs: Added check catlen" 2025-05-29 11:02:48 +02:00
tomoyo tomoyo: don't emit warning in tomoyo_write_control() 2025-02-17 10:04:50 +01:00
yama sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
commoncap.c lsm: Refactor return value of LSM hook vm_enough_memory 2024-07-31 14:46:51 -04:00
device_cgroup.c
inode.c lsm: Use IS_ERR_OR_NULL() helper function 2024-08-29 11:12:13 -04:00
Kconfig lsm/stable-6.12 PR 20240911 2024-09-16 18:19:47 +02:00
Kconfig.hardening hardening: Adjust dependencies in selection of MODVERSIONS 2024-09-28 13:56:03 -07:00
lsm_audit.c
lsm_syscalls.c
Makefile lsm: add IPE lsm 2024-08-19 22:36:26 -04:00
min_addr.c sysctl: treewide: constify the ctl_table argument of proc_handlers 2024-07-24 20:59:29 +02:00
security.c bcachefs: do not use PF_MEMALLOC_NORECLAIM 2024-10-09 12:47:18 -07:00