Merge tag 'selinux-pr-20181115' of git://git.kernel.org/pub/scm/linux/kernel/git...

Pull SELinux fixes from Paul Moore:
 "Two small SELinux fixes for v4.20.

  Ondrej's patch adds a check on user input, and my patch ensures we
  don't look past the end of a buffer.

  Both patches are quite small and pass the selinux-testsuite"

* tag 'selinux-pr-20181115' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: fix non-MLS handling in mls_context_to_sid()
  selinux: check length properly in SCTP bind hook

diff --combined security/selinux/hooks.c
index 7ce683259357750cdfd25feb978ee1d6a984312b,fe251c6f09f104dcfdd70ee83c72c295f37b390a..a67459eb62d5c8d3066a72c354f13894f68be8ae
--- 1/security/selinux/hooks.c
--- 2/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@@ -4191,7 -4191,7 +4191,7 @@@ static int selinux_task_movememory(stru
                            PROCESS__SETSCHED, NULL);
  }
  
 -static int selinux_task_kill(struct task_struct *p, struct siginfo *info,
 +static int selinux_task_kill(struct task_struct *p, struct kernel_siginfo *info,
                                int sig, const struct cred *cred)
  {
        u32 secid;
@@@ -5318,6 -5318,9 +5318,9 @@@ static int selinux_sctp_bind_connect(st
        addr_buf = address;
  
        while (walk_size < addrlen) {
+               if (walk_size + sizeof(sa_family_t) > addrlen)
+                       return -EINVAL;
+ 
                addr = addr_buf;
                switch (addr->sa_family) {
                case AF_UNSPEC:
@@@ -7207,10 -7210,7 +7210,10 @@@ void selinux_complete_init(void
  
  /* SELinux requires early initialization in order to label
     all processes and objects when they are created. */
 -security_initcall(selinux_init);
 +DEFINE_LSM(selinux) = {
 +      .name = "selinux",
 +      .init = selinux_init,
 +};
  
  #if defined(CONFIG_NETFILTER)