From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch fixes a bug in the SELinux module by adding a check of the
filesystem labeling behavior value obtained from the policy.



 security/selinux/hooks.c       |   12 +++++++++---
 security/selinux/ss/policydb.c |    2 ++
 2 files changed, 11 insertions(+), 3 deletions(-)

diff -puN security/selinux/hooks.c~selinux-check-behaviour-fix security/selinux/hooks.c
--- 25/security/selinux/hooks.c~selinux-check-behaviour-fix	2003-08-18 22:27:19.000000000 -0700
+++ 25-akpm/security/selinux/hooks.c	2003-08-18 22:27:19.000000000 -0700
@@ -313,9 +313,15 @@ static int superblock_doinit(struct supe
 
 	sbsec->initialized = 1;
 
-	printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n",
-	       sb->s_id, sb->s_type->name,
-	       labeling_behaviors[sbsec->behavior-1]);
+	if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) {
+		printk(KERN_INFO "SELinux: initialized (dev %s, type %s), unknown behavior\n",
+		       sb->s_id, sb->s_type->name);
+	}
+	else {
+		printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n",
+		       sb->s_id, sb->s_type->name,
+		       labeling_behaviors[sbsec->behavior-1]);
+	}
 
 	/* Initialize the root inode. */
 	rc = inode_doinit_with_dentry(sb->s_root->d_inode, sb->s_root);
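Review bot: The new guard in superblock_doinit bounds `sbsec->behavior` only from above, so a value of 0 still reaches `labeling_behaviors[sbsec->behavior-1]` and reads outside the table (before its start, or far past its end if the field is unsigned; its type is not visible here). Writing the test as `if (sbsec->behavior == 0 || sbsec->behavior > ARRAY_SIZE(labeling_behaviors))` closes both ends. The same lower-bound gap is present in the policydb_read hunk, where `c->v.behavior > SECURITY_FS_USE_NONE` lets a 0 from the policy image through; whether 0 is a defined behavior depends on the SECURITY_FS_USE_* definitions, which are outside this diff. The body of superblock_doinit starts and ends outside the hunk.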
diff -puN security/selinux/ss/policydb.c~selinux-check-behaviour-fix security/selinux/ss/policydb.c
--- 25/security/selinux/ss/policydb.c~selinux-check-behaviour-fix	2003-08-18 22:27:19.000000000 -0700
+++ 25-akpm/security/selinux/ss/policydb.c	2003-08-18 22:27:19.000000000 -0700
@@ -1301,6 +1301,8 @@ int policydb_read(struct policydb *p, vo
 				if (!buf)
 					goto bad;
 				c->v.behavior = le32_to_cpu(buf[0]);
+				if (c->v.behavior > SECURITY_FS_USE_NONE)
+					goto bad;
 				len = le32_to_cpu(buf[1]);
 				buf = next_entry(fp, len);
 				if (!buf)
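Review bot: The added test in policydb_read takes its upper bound from `SECURITY_FS_USE_NONE`, while the hooks.c hunk uses `ARRAY_SIZE(labeling_behaviors)`; the two limits have to stay equal and nothing in the code records that. A comment above the test, for example `/* SECURITY_FS_USE_NONE is the highest behavior; keep in sync with labeling_behaviors[] in hooks.c */`, would make the dependency visible to whoever adds a behavior later. As far as the hunk shows, a rejected value takes the shared `goto bad` path with no message of its own, so a policy load that fails on this field would be hard to tell apart from any other malformed-policy failure; a one-line printk naming the rejected value before the jump would help triage. The enclosing loop and the `bad` label are outside the hunk.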

_