selinux: Fix check for xfrm selinux context algorithm

selinux_xfrm_sec_ctx_alloc accidentally checks the xfrm domain of interpretation against the selinux context algorithm. This patch fixes this by checking ctx_alg against the selinux context algorithm. Signed-off-by: Steffen Klassert <[email protected]> Acked-by: Paul Moore <[email protected]> Signed-off-by: Eric Paris <[email protected]>
realfirst · Feb 25, 2011 · 8f82a68 · 8f82a68
1 parent 4916ca4
commit 8f82a68
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
@@ -208,7 +208,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
 	if (!uctx)
 		goto not_from_user;
 
-	if (uctx->ctx_doi != XFRM_SC_ALG_SELINUX)
+	if (uctx->ctx_alg != XFRM_SC_ALG_SELINUX)
 		return -EINVAL;
 
 	str_len = uctx->ctx_len;