2 files changed, 6 insertions, 3 deletions

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index b5f017f07a75..f00161ef99ed 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -792,7 +792,7 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
  * @scontext: security context
  * @scontext_len: length in bytes
  * @sid: security identifier, SID
- * @def_sid: default SID to assign on errror
+ * @def_sid: default SID to assign on error
  *
  * Obtains a SID associated with the security context that
  * has the string representation specified by @scontext.
@@ -2417,8 +2417,10 @@ static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr,
 
 	cache->type = NETLBL_CACHE_T_MLS;
 	if (ebitmap_cpy(&cache->data.mls_label.level[0].cat,
-			&ctx->range.level[0].cat) != 0)
+			&ctx->range.level[0].cat) != 0) {
+		kfree(cache);
 		return;
+	}
 	cache->data.mls_label.level[1].cat.highbit =
 		cache->data.mls_label.level[0].cat.highbit;
 	cache->data.mls_label.level[1].cat.node =
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c
index bd8d1ef40a90..ba715f40b658 100644
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@@ -216,7 +216,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
 		return -ENOMEM;
 
 	*ctxp = ctx = kmalloc(sizeof(*ctx) +
-			      uctx->ctx_len,
+			      uctx->ctx_len + 1,
 			      GFP_KERNEL);
 
 	if (!ctx)
@@ -229,6 +229,7 @@ static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
 	memcpy(ctx->ctx_str,
 	       uctx+1,
 	       ctx->ctx_len);
+	ctx->ctx_str[ctx->ctx_len] = 0;
 	rc = security_context_to_sid(ctx->ctx_str,
 				     ctx->ctx_len,
 				     &ctx->ctx_sid);