MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-08-21 16:31:14 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
v6.6.101
linux-yocto/security
History
Stephen Smalley 2753481c40 selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len 
commit 86c8db86af upstream.

We should count the terminating NUL byte as part of the ctx_len.
Otherwise, UBSAN logs a warning:
  UBSAN: array-index-out-of-bounds in security/selinux/xfrm.c:99:14
  index 60 is out of range for type 'char [*]'

The allocation itself is correct so there is no actual out of bounds
indexing, just a warning.

Cc: stable@vger.kernel.org
Suggested-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/selinux/CAEjxPJ6tA5+LxsGfOJokzdPeRomBHjKLBVR6zbrg+_w3ZZbM3A@mail.gmail.com/
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-06-27 11:08:59 +01:00
..
apparmor apparmor: test: Fix memory leak for aa_unpack_strdup() 2024-12-09 10:32:45 +01:00
bpf bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 2024-10-04 16:30:02 +02:00
integrity ima: process_measurement() needlessly takes inode_lock() on MAY_READ 2025-06-04 14:41:53 +02:00
keys security/keys: fix slab-out-of-bounds in key_task_permission 2024-11-14 13:19:30 +01:00
landlock landlock: Add the errata interface 2025-04-25 10:45:57 +02:00
loadpin LoadPin: Annotate struct dm_verity_loadpin_trusted_root_digest with __counted_by 2023-08-25 16:07:30 -07:00
lockdown
safesetid safesetid: check size of policy writes 2025-02-17 09:40:06 +01:00
selinux selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len 2025-06-27 11:08:59 +01:00
smack smack: Revert "smackfs: Added check catlen" 2025-06-04 14:42:09 +02:00
tomoyo tomoyo: don't emit warning in tomoyo_write_control() 2025-02-17 09:40:07 +01:00
yama
commoncap.c lsm: constify the 'target' parameter in security_capget() 2023-08-08 16:48:47 -04:00
device_cgroup.c
inode.c security: convert to ctime accessor functions 2023-07-24 10:30:08 +02:00
Kconfig proc: add config & param to block forcing mem writes 2024-10-10 11:57:27 +02:00
Kconfig.hardening hardening: Move BUG_ON_DATA_CORRUPTION to hardening options 2023-08-15 14:57:25 -07:00
lsm_audit.c
Makefile
min_addr.c
security.c evm: don't copy up 'security.evm' xattr 2024-08-29 17:33:31 +02:00