mirrors
/
deepin-kernel
mirror of https://github.com/deepin-community/kernel.git
8
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
deepin-kernel/security
History
Stephen Smalley 983dddeb79 selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len 
commit 86c8db86af43f52f682e53a0f2f0828683be1e52 upstream.

We should count the terminating NUL byte as part of the ctx_len.
Otherwise, UBSAN logs a warning:
  UBSAN: array-index-out-of-bounds in security/selinux/xfrm.c:99:14
  index 60 is out of range for type 'char [*]'

The allocation itself is correct so there is no actual out of bounds
indexing, just a warning.

Cc: stable@vger.kernel.org
Suggested-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/selinux/CAEjxPJ6tA5+LxsGfOJokzdPeRomBHjKLBVR6zbrg+_w3ZZbM3A@mail.gmail.com/
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 2753481c40af6feb897944369dd1279d7e2596d5)
 		2025-07-03 11:32:08 +08:00
..
apparmor apparmor: test: Fix memory leak for aa_unpack_strdup() 2024-12-10 20:45:04 +08:00
bpf bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 2024-12-10 20:42:13 +08:00
integrity ima: process_measurement() needlessly takes inode_lock() on MAY_READ 2025-06-10 10:34:50 +08:00
keys HAOC: Add support for x86 CRED Protection (CREDP). 2025-05-12 15:02:47 +08:00
landlock landlock: Add the errata interface 2025-05-09 22:54:46 +08:00
loadpin LoadPin: Annotate struct dm_verity_loadpin_trusted_root_digest with __counted_by 2023-08-25 16:07:30 -07:00
lockdown efi: Lock down the kernel if booted in secure boot mode 2024-12-27 11:05:10 +08:00
safesetid safesetid: check size of policy writes 2025-02-18 11:53:09 +08:00
selinux selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len 2025-07-03 11:32:08 +08:00
smack smack: Revert "smackfs: Added check catlen" 2025-06-10 16:17:54 +08:00
tomoyo tomoyo: don't emit warning in tomoyo_write_control() 2025-02-18 11:53:09 +08:00
yama sysctl-6.4-rc1 2023-04-27 16:52:33 -07:00
Kconfig proc: add config & param to block forcing mem writes 2024-12-10 20:42:21 +08:00
Kconfig.hardening hardening: Move BUG_ON_DATA_CORRUPTION to hardening options 2023-08-15 14:57:25 -07:00
Makefile security: remove unneeded subdir-$(CONFIG_...) 2021-09-03 08:17:20 +09:00
OWNERS deepin: OWNERS: Update OWNERS 2025-05-29 18:26:52 +08:00
commoncap.c HAOC: Add support for x86 CRED Protection (CREDP). 2025-05-12 15:02:47 +08:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c security: convert to ctime accessor functions 2023-07-24 10:30:08 +02:00
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
min_addr.c
security.c HAOC: Add support for x86 CRED Protection (CREDP). 2025-05-12 15:02:47 +08:00