From: Joshua Roys Date: Wed, 24 Feb 2010 23:52:44 +0000 (-0500) Subject: netlabel: fix export of SELinux categories > 127 X-Git-Tag: firefly_0821_release~10186^2~2165 X-Git-Url: http://plrg.eecs.uci.edu/git/?a=commitdiff_plain;h=15bd3e21f0b4b12aca0f016cb2d962fc227182e2;p=firefly-linux-kernel-4.4.55.git netlabel: fix export of SELinux categories > 127 commit c36f74e67fa12202dbcb4ad92c5ac844f9d36b98 upstream. This fixes corrupted CIPSO packets when SELinux categories greater than 127 are used. The bug occured on the second (and later) loops through the while; the inner for loop through the ebitmap->maps array used the same index as the NetLabel catmap->bitmap array, even though the NetLabel bitmap is twice as long as the SELinux bitmap. Signed-off-by: Joshua Roys Acked-by: Paul Moore Signed-off-by: James Morris Signed-off-by: Greg Kroah-Hartman --- diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index 68c7348d1acc..04b6145d767f 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -128,7 +128,7 @@ int ebitmap_netlbl_export(struct ebitmap *ebmap, cmap_idx = delta / NETLBL_CATMAP_MAPSIZE; cmap_sft = delta % NETLBL_CATMAP_MAPSIZE; c_iter->bitmap[cmap_idx] - |= e_iter->maps[cmap_idx] << cmap_sft; + |= e_iter->maps[i] << cmap_sft; } e_iter = e_iter->next; }