提交 8f82a688 编写于 作者: S Steffen Klassert 提交者: Eric Paris

selinux: Fix check for xfrm selinux context algorithm

selinux_xfrm_sec_ctx_alloc accidentally checks the xfrm domain of
interpretation against the selinux context algorithm. This patch
fixes this by checking ctx_alg against the selinux context algorithm.
Signed-off-by: NSteffen Klassert <steffen.klassert@secunet.com>
Acked-by: NPaul Moore <paul.moore@hp.com>
Signed-off-by: NEric Paris <eparis@redhat.com>
上级 4916ca40
......@@ -208,7 +208,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
if (!uctx)
goto not_from_user;
if (uctx->ctx_doi != XFRM_SC_ALG_SELINUX)
if (uctx->ctx_alg != XFRM_SC_ALG_SELINUX)
return -EINVAL;
str_len = uctx->ctx_len;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册