Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp239191imm; Fri, 3 Aug 2018 02:38:51 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfB0UiSn2kE7wZH/m+5g910UW2tP+jStzGWf5YVXxBYGafkBO+jnXv7/EFCf6y5ltThfTXy X-Received: by 2002:a62:9f1d:: with SMTP id g29-v6mr3505903pfe.207.1533289131107; Fri, 03 Aug 2018 02:38:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1533289131; cv=none; d=google.com; s=arc-20160816; b=QruCfhdzzGr04dqBToDyZJPeT1VnzTsMwoYhIWAR9ECNBIpzqkVQDCVImOId0IAzC0 mWOY93/E6LfoB2r79+3jypJf46+x4zCVFmaVI1LhojeXXcb3+RY/FLSDQmYeBv7vRVLL iNyIFMNMI4n7zf4oc63m0ry3pJWx8WMPdrCtWdH+N632giioE3k20ig7QZe7tisbcq5o c5Zd3pEkhIq2iydezb3lpXwpErOJN5EwvoHNt6v6LUpJhMbetM64C+cd+NkT+uW8Yaut Tvvzul2N6CNhVDig/PrSz1Y2UjN9AgUFgqMmFoDDBpKEKoSXW/7yyqIcca2bnHW2W1PI msAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:mime-version :message-id:date:dkim-signature:arc-authentication-results; bh=gKam9WaYXvtGukQ1JMxYeC89hlAklM7RuKowpz4IWCY=; b=cuA4oXn1zZc2WeJMVKz8lEPLn4ZwJEFPG+O52DO5FVC4WcZdr/SQrIJdiNNDArDXFZ v4/2FIzBmE7Pdz0VYJyqshODSPdBfeqhd3ZjEwHtHkrL1hlEnhkwePOYTjC5TIMURk8f cir5TwU/SoZJ8xOA9o+Asx4xiBGTosFA4WUNmSx/VaOnZcUG5m/tEr7KBMUi1MyaYliU urK2ye7s5xD7rDnddK62W+nmsPQMZXKuw+1YYgLI89CEeLQJRqMYUkyvHFFSGBmPo7ys rcQpCEU72lauv0Ql4+D3Cg6EdiJeBWOEfztD6DQhASBJDEuWwDZrpNYk2oDTUZXjO5hv 0Img== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=quK21zVn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w135-v6si4876174pff.8.2018.08.03.02.38.13; Fri, 03 Aug 2018 02:38:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=quK21zVn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732367AbeHCLbl (ORCPT + 99 others); Fri, 3 Aug 2018 07:31:41 -0400 Received: from mail-qk0-f201.google.com ([209.85.220.201]:44413 "EHLO mail-qk0-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729913AbeHCLbl (ORCPT ); Fri, 3 Aug 2018 07:31:41 -0400 Received: by mail-qk0-f201.google.com with SMTP id w126-v6so4678705qka.11 for ; Fri, 03 Aug 2018 02:36:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=gKam9WaYXvtGukQ1JMxYeC89hlAklM7RuKowpz4IWCY=; b=quK21zVntwsOGQrbPbPpyc/0lMQvpBVCDXVlBeGNW21FLAF1trai59UDBYPCE2GG/V DrQ7Wwp4WdeSOZ/jtyUQ/XymWPItKEwzjxI0gCqwTGxtnh8jvfx6ilpNHucV9x0LWmJU VzRhHCalGiCEL9tHGMtgd4YoPWmkXGtlXukYc/nM4QqkrmEJBu3vhSui9BXR+3TEYpQT gJHyPvgkqslr2PR8Em9VAaKoYO/sMGGIp5oNpDTmkI2XSdC/dZXKUetfY3x7vPdpDXZ4 ouGKVPmjp1/2tPuZbJyOdiCRdcWWgY2GdZNGNk72BsqJFUWurqvr1RBvfNYwbtM5SppP xGSw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=gKam9WaYXvtGukQ1JMxYeC89hlAklM7RuKowpz4IWCY=; b=mGJ/bYRYevE1JgNNhXqivSMlY5u8Y3SIIbNj/Kx6LaIZG8nG5UFahl8cCFUAHqnnID XiKw/Ok+2J4SNp1/QHc8WGaeMmzeQVmZvt3NdzGFSrNnMUFsUDm8XPcCfSVwO18yp5wz o2kWQlxj+yEdj3fXFHtJkDPUGPtr+xUPzRVb+wszns7mKGZPSxgvCo4uO/Zss2gp3q/K 3vxzM+h5qAt36MEev2xtu3nvqgwMqun648MDaIkkWk/AMvwH2F9//EgBQVzPgDgQsPMx PpuUQ7cnF4ERkF5hO32/s2fJMmSFTinUFOzs8RlAqCGptmlkNwzX/QfIe3is5aii82+y U7ig== X-Gm-Message-State: AOUpUlHHJbVRrPNB9kyFPROJ3Jjuaf6jaBOvJPkjjOgKYwvyj/z605xP pwnCeZBeN9yRbHFyCF8sSaYb9j3QcA== X-Received: by 2002:ac8:1019:: with SMTP id z25-v6mr3481000qti.14.1533288971594; Fri, 03 Aug 2018 02:36:11 -0700 (PDT) Date: Fri, 3 Aug 2018 11:36:04 +0200 Message-Id: <20180803093604.38254-1-jannh@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.18.0.597.ga71716f1ad-goog Subject: [PATCH] selinux: stricter parsing in mls_context_to_sid() From: Jann Horn To: Paul Moore , Stephen Smalley , Eric Paris , selinux@tycho.nsa.gov, jannh@google.com Cc: James Morris , "Serge E. Hallyn" , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org mls_context_to_sid incorrectly accepted MLS context strings that are followed by a dash and trailing garbage. Before this change, the following command works: # mount -t tmpfs -o 'context=system_u:object_r:tmp_t:s0-s0:c0-BLAH' \ none mount After this change, it fails with the following error message in dmesg: SELinux: security_context_str_to_sid(system_u:object_r:tmp_t:s0-s0:c0-BLAH) failed for (dev tmpfs, type tmpfs) errno=-22 This is not an important bug; but it is a small quirk that was useful for exploiting a vulnerability in fusermount. This patch does not change the behavior when the policy does not have MLS enabled. Signed-off-by: Jann Horn --- security/selinux/ss/mls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index 39475fb455bc..2c73d612d2ee 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c @@ -344,7 +344,7 @@ int mls_context_to_sid(struct policydb *pol, break; } } - if (delim == '-') { + if (delim == '-' && l == 0) { /* Extract high sensitivity. */ scontextp = p; while (*p && *p != ':') -- 2.18.0.597.ga71716f1ad-goog