From a0fac0acdd368e8450cda2c75b4a8d86f1151ad4 Mon Sep 17 00:00:00 2001 From: Joshua Roys Date: Wed, 24 Feb 2010 18:52:44 -0500 Subject: netlabel: fix export of SELinux categories > 127 commit c36f74e67fa12202dbcb4ad92c5ac844f9d36b98 upstream. This fixes corrupted CIPSO packets when SELinux categories greater than 127 are used. The bug occured on the second (and later) loops through the while; the inner for loop through the ebitmap->maps array used the same index as the NetLabel catmap->bitmap array, even though the NetLabel bitmap is twice as long as the SELinux bitmap. Signed-off-by: Joshua Roys Acked-by: Paul Moore Signed-off-by: James Morris Signed-off-by: Greg Kroah-Hartman --- security/selinux/ss/ebitmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index 68c7348d1acc..04b6145d767f 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -128,7 +128,7 @@ int ebitmap_netlbl_export(struct ebitmap *ebmap, cmap_idx = delta / NETLBL_CATMAP_MAPSIZE; cmap_sft = delta % NETLBL_CATMAP_MAPSIZE; c_iter->bitmap[cmap_idx] - |= e_iter->maps[cmap_idx] << cmap_sft; + |= e_iter->maps[i] << cmap_sft; } e_iter = e_iter->next; } -- cgit v1.2.3