From: Joshua Roys <joshua.roys@gtri.gatech.edu>
Date: Wed, 24 Feb 2010 23:52:44 +0000 (-0500)
Subject: netlabel: fix export of SELinux categories > 127
X-Git-Tag: v2.6.34-rc1~295^2
X-Git-Url: https://openfabrics.org/gitweb/?a=commitdiff_plain;h=c36f74e67fa12202dbcb4ad92c5ac844f9d36b98;p=~emulex%2Finfiniband.git

netlabel: fix export of SELinux categories > 127

This fixes corrupted CIPSO packets when SELinux categories greater than 127
are used.  The bug occured on the second (and later) loops through the
while; the inner for loop through the ebitmap->maps array used the same
index as the NetLabel catmap->bitmap array, even though the NetLabel bitmap
is twice as long as the SELinux bitmap.

Signed-off-by: Joshua Roys <joshua.roys@gtri.gatech.edu>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
---

diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
index 68c7348d1ac..04b6145d767 100644
--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -128,7 +128,7 @@ int ebitmap_netlbl_export(struct ebitmap *ebmap,
 			cmap_idx = delta / NETLBL_CATMAP_MAPSIZE;
 			cmap_sft = delta % NETLBL_CATMAP_MAPSIZE;
 			c_iter->bitmap[cmap_idx]
-				|= e_iter->maps[cmap_idx] << cmap_sft;
+				|= e_iter->maps[i] << cmap_sft;
 		}
 		e_iter = e_iter->next;
 	}