From patchwork Mon Jun 13 14:14:59 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paul Moore <pmoore@redhat.com>
X-Patchwork-Id: 9173127
Return-Path: <selinux-bounces@tycho.nsa.gov>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	1F59560573 for <patchwork-selinux@patchwork.kernel.org>;
	Mon, 13 Jun 2016 14:16:18 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 11CE820223
	for <patchwork-selinux@patchwork.kernel.org>;
	Mon, 13 Jun 2016 14:16:18 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 06B5B265B9; Mon, 13 Jun 2016 14:16:18 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00 autolearn=ham
	version=3.3.1
Received: from emsm-gh1-uea10.nsa.gov (smtp.nsa.gov [8.44.101.8])
	(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 61EEB20223
	for <patchwork-selinux@patchwork.kernel.org>;
	Mon, 13 Jun 2016 14:16:16 +0000 (UTC)
X-IronPort-AV: E=Sophos;i="5.26,466,1459814400"; d="scan'208";a="14588328"
IronPort-PHdr: =?us-ascii?q?9a23=3ATYeXrRIsIIzaXcRrGtmcpTZWNBhigK39O0sv0rFi?=
	=?us-ascii?q?tYgUL/zxwZ3uMQTl6Ol3ixeRBMOAu6MC27Od7fuocFdDyKjCmUhKSIZLWR4BhJ?=
	=?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TWM5DIfUi/yKRBy?=
	=?us-ascii?q?brysXNWC3oLnjqvsoNX6WEZhunmUWftKNhK4rAHc5IE9oLBJDeIP8CbPuWZCYO?=
	=?us-ascii?q?9MxGlldhq5lhf44dqsrtY4q3wD888784Z8dYmyP+FhFf0LRAghZns44MztqAnr?=
	=?us-ascii?q?URqE5nxaVH4f1BVPHVvr9hb/C6/4ry+yk+16wiTSadXzSrcuVBy44qtrQQOugy?=
	=?us-ascii?q?ACYW1quFrLg9B92foI6CmqoAZylsuNOIw=3D?=
X-IPAS-Result: =?us-ascii?q?A2FwBQADv15X/wHyM5BbHQGDIIFTii6yZyKFewOBNEwBAQE?=
	=?us-ascii?q?BAQECAmIngjCCIgIkExQgDgMJAhcIIQgIAwEtFR8LBRgEiA+3aiWGJ4F/hl4CE?=
	=?us-ascii?q?QECZoUPBZhhl2wXhUMCj25UhApSiEQPF4EeAQEB?=
Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1])
	by emsm-gh1-uea10.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	13 Jun 2016 14:16:12 +0000
Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u5DEF5FQ027901;
	Mon, 13 Jun 2016 10:15:22 -0400
Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil
	[144.51.242.1])
	by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id
	u5DEF33a277708 for <selinux@prometheus.infosec.tycho.ncsc.mil>;
	Mon, 13 Jun 2016 10:15:03 -0400
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
	by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u5DEF3ne027899
	for <selinux@tycho.nsa.gov>; Mon, 13 Jun 2016 10:15:03 -0400
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
 A1AMAgC4vl5XZBy3hNFbHAEBgyCBU7kYhAgShzdMAQEBAQEBBRsLCgYjhSMEgQIFAiYCSSmIMJcYj2KRE4EBhSaBf4ZeFmaCNYJaBZhhl2yFWgKPboIKDIJIIDKIRIFEAQEB
X-IPAS-Result: 
 A1AMAgC4vl5XZBy3hNFbHAEBgyCBU7kYhAgShzdMAQEBAQEBBRsLCgYjhSMEgQIFAiYCSSmIMJcYj2KRE4EBhSaBf4ZeFmaCNYJaBZhhl2yFWgKPboIKDIJIIDKIRIFEAQEB
X-IronPort-AV: E=Sophos;i="5.26,466,1459828800"; d="scan'208";a="5509672"
Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov)
	([10.208.41.36])
	by goalie.tycho.ncsc.mil with ESMTP; 13 Jun 2016 10:15:02 -0400
IronPort-PHdr: =?us-ascii?q?9a23=3A1GyCvRASMB1KPPKjMEdbUyQJP3N1i/DPJgcQr6Af?=
	=?us-ascii?q?oPdwSP74osbcNUDSrc9gkEXOFd2CrakU2qyG6uu+AiQp2tWojjMrSNR0TRgLiM?=
	=?us-ascii?q?EbzUQLIfWuLgnFFsPsdDEwB89YVVVorDmROElRH9viNRWJ+iXhpQAbFhi3Dwdp?=
	=?us-ascii?q?POO9QteU1JTmkbDrsMOIKyxzxxODIppKZC2sqgvQssREyaBDEY0WjiXzn31TZu?=
	=?us-ascii?q?5NznlpL1/A1zz158O34YIxu38I46FppIZ8VvDhcqA5S6FIJCg3OGAyosvwvF/M?=
	=?us-ascii?q?ShXcyGEbVzAumwdMSy3C6wv3FsPptyz9rOdVwiSWPcTqC7szXGLxvO9QVBb0hX?=
	=?us-ascii?q?JfZHYC+2bNh5kogQ=3D=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0H5AQADv15XZBy3hNFbHAEBgyCBU4our?=
	=?us-ascii?q?mqECBKHN0wBAQEBAQECAgEbCxAjL4IwgkQEgQIFAiYCSSmIMJcaj2KRE4EBhSa?=
	=?us-ascii?q?Bf4ZeFmaCNYJaBZhhl2yFWgKPboIWgkggMohEgUQBAQE?=
X-IPAS-Result: =?us-ascii?q?A0H5AQADv15XZBy3hNFbHAEBgyCBU4ourmqECBKHN0wBAQE?=
	=?us-ascii?q?BAQECAgEbCxAjL4IwgkQEgQIFAiYCSSmIMJcaj2KRE4EBhSaBf4ZeFmaCNYJaB?=
	=?us-ascii?q?Zhhl2yFWgKPboIWgkggMohEgUQBAQE?=
X-IronPort-AV: E=Sophos;i="5.26,466,1459814400"; d="scan'208";a="14588216"
Received: from mx1.redhat.com ([209.132.183.28])
	by emsm-gh1-uea10.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	13 Jun 2016 14:15:01 +0000
Received: from int-mx11.intmail.prod.int.phx2.redhat.com
	(int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id AB1A964D18
	for <selinux@tycho.nsa.gov>; Mon, 13 Jun 2016 14:15:00 +0000 (UTC)
Received: from [127.0.0.1] (vpn-62-8.rdu2.redhat.com [10.10.62.8])
	by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with
	ESMTP id u5DEEx0i029864; Mon, 13 Jun 2016 10:15:00 -0400
Subject: [PATCH] selinux: import NetLabel category bitmaps correctly
From: Paul Moore <pmoore@redhat.com>
To: selinux@tycho.nsa.gov
Date: Mon, 13 Jun 2016 10:14:59 -0400
Message-ID: <146582729948.14945.7155589043038782897.stgit@localhost>
User-Agent: StGit/0.17.1-dirty
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
	(mx1.redhat.com [10.5.110.39]); Mon, 13 Jun 2016 14:15:00 +0000 (UTC)
X-BeenThere: selinux@tycho.nsa.gov
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
	<selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>
X-Virus-Scanned: ClamAV using ClamSMTP

From: Paul Moore <paul@paul-moore.com>

The existing ebitmap_netlbl_import() code didn't correctly handle the
case where the ebitmap_node was not aligned/sized to a power of two,
this patch fixes this (on x86_64 ebitmap_node contains six bitmaps
making a range of 0..383).

Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 security/selinux/ss/ebitmap.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
index 57644b1..894b6cd 100644
--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -165,7 +165,7 @@ int ebitmap_netlbl_import(struct ebitmap *ebmap,
 			e_iter = kzalloc(sizeof(*e_iter), GFP_ATOMIC);
 			if (e_iter == NULL)
 				goto netlbl_import_failure;
-			e_iter->startbit = offset & ~(EBITMAP_SIZE - 1);
+			e_iter->startbit = offset - (offset % EBITMAP_SIZE);
 			if (e_prev == NULL)
 				ebmap->node = e_iter;
 			else