selinux: Fix check for xfrm selinux context algorithm
authorSteffen Klassert <steffen.klassert@secunet.com>
Wed, 23 Feb 2011 11:54:33 +0000 (12:54 +0100)
committerEric Paris <eparis@redhat.com>
Fri, 25 Feb 2011 20:00:44 +0000 (15:00 -0500)
selinux_xfrm_sec_ctx_alloc accidentally checks the xfrm domain of
interpretation against the selinux context algorithm. This patch
fixes this by checking ctx_alg against the selinux context algorithm.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
security/selinux/xfrm.c

index fff78d3b51a2ecddd1f18dd959ad99c80c090742..728c57e3d65d0bd5b47edff46367f804d35974e7 100644 (file)
@@ -208,7 +208,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
        if (!uctx)
                goto not_from_user;
 
-       if (uctx->ctx_doi != XFRM_SC_ALG_SELINUX)
+       if (uctx->ctx_alg != XFRM_SC_ALG_SELINUX)
                return -EINVAL;
 
        str_len = uctx->ctx_len;