selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len

commit 86c8db86af43f52f682e53a0f2f0828683be1e52 upstream. We should count the terminating NUL byte as part of the ctx_len. Otherwise, UBSAN logs a warning: UBSAN: array-index-out-of-bounds in security/selinux/xfrm.c:99:14 index 60 is out of range for type 'char [*]' The allocation itself is correct so there is no actual out of bounds indexing, just a warning. Cc: stable@vger.kernel.org Suggested-by: Christian Göttsche <cgzones@googlemail.com> Link: https://lore.kernel.org/selinux/CAEjxPJ6tA5+LxsGfOJokzdPeRomBHjKLBVR6zbrg+_w3ZZbM3A@mail.gmail.com/ Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Stephen Smalley <stephen.smalley.work@gmail.com> 2025-06-13 15:37:05 -0400
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-06-27 11:04:20 +0100
commit: e825daf0b2b1da827ed28cd795c9e80dc34f6ede (patch)
tree: 0f8d5a8c3ab698757cf790cc58d4690490f14e33 /security
parent: 996c27b974c274731c89f9f095fd41fb14174099 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index 114245b6f7c7..5b315e3e8dc3 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -95,7 +95,7 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp,
 
 	ctx->ctx_doi = XFRM_SC_DOI_LSM;
 	ctx->ctx_alg = XFRM_SC_ALG_SELINUX;
-	ctx->ctx_len = str_len;
+	ctx->ctx_len = str_len + 1;
 	memcpy(ctx->ctx_str, &uctx[1], str_len);
 	ctx->ctx_str[str_len] = '\0';
 	rc = security_context_to_sid(&selinux_state, ctx->ctx_str, str_len,
author	Stephen Smalley <stephen.smalley.work@gmail.com>	2025-06-13 15:37:05 -0400
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-06-27 11:04:20 +0100
commit	e825daf0b2b1da827ed28cd795c9e80dc34f6ede (patch)
tree	0f8d5a8c3ab698757cf790cc58d4690490f14e33 /security
parent	996c27b974c274731c89f9f095fd41fb14174099 (diff)