superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/security
History
Stephen Smalley 86c8db86af selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len 
We should count the terminating NUL byte as part of the ctx_len.
Otherwise, UBSAN logs a warning:
  UBSAN: array-index-out-of-bounds in security/selinux/xfrm.c:99:14
  index 60 is out of range for type 'char [*]'

The allocation itself is correct so there is no actual out of bounds
indexing, just a warning.

Cc: stable@vger.kernel.org
Suggested-by: Christian Göttsche <cgzones@googlemail.com>
Link: https://lore.kernel.org/selinux/CAEjxPJ6tA5+LxsGfOJokzdPeRomBHjKLBVR6zbrg+_w3ZZbM3A@mail.gmail.com/
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
 		2025-06-16 19:02:22 -04:00
..
apparmor VFS: rename lookup_one_len family to lookup_noperm and remove permission check 2025-04-08 11:24:36 +02:00
bpf bpf: lsm: Remove hook to bpf_task_storage_free 2024-12-16 12:32:31 -08:00
integrity ima: do not copy measurement list to kdump kernel 2025-05-14 06:40:09 -04:00
ipe ipe: add errno field to IPE policy load auditing 2025-05-27 18:08:51 -07:00
keys KEYS: Invert FINAL_PUT bit 2025-06-11 11:57:14 -07:00
landlock landlock: Improve bit operations in audit code 2025-05-12 11:38:53 +02:00
loadpin loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported 2025-03-03 09:35:50 -08:00
lockdown lockdown: initialize local array before use to quiet static analysis 2025-01-05 12:48:43 -05:00
safesetid safesetid: check size of policy writes 2025-01-04 22:46:09 -05:00
selinux selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len 2025-06-16 19:02:22 -04:00
smack Networking changes for 6.16. 2025-05-28 15:24:36 -07:00
tomoyo tomoyo: use better patterns for procfs in learning mode 2025-01-31 00:27:44 +09:00
yama yama: don't abuse rcu_read_lock/get_task_struct in yama_task_prctl() 2025-03-07 19:58:05 -08:00
Kconfig mseal sysmap: kernel config and header change 2025-04-01 15:17:14 -07:00
Kconfig.hardening require gcc-8 and binutils-2.30 2025-05-31 08:16:52 -07:00
Makefile lsm: Only build lsm_audit.c if CONFIG_SECURITY and CONFIG_AUDIT are set 2025-01-04 11:50:44 -05:00
commoncap.c capability: Remove unused has_capability 2025-03-07 22:03:09 -06:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c VFS: rename lookup_one_len family to lookup_noperm and remove permission check 2025-04-08 11:24:36 +02:00
lsm_audit.c net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
lsm_syscalls.c lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
min_addr.c security: min_addr: move sysctl to security/min_addr.c 2025-02-07 16:53:04 +01:00
security.c lsm: Move security_netlink_send to under CONFIG_SECURITY_NETWORK 2025-04-22 15:34:58 -04:00