authorXiu Jianfeng <xiujianfeng@huawei.com>2022-06-14 04:14:49 +0200
committerPaul Moore <paul@paul-moore.com>2022-06-15 03:52:37 +0200
commit15ec76fb29be31df2bccb30fc09875274cba2776 (patch)
tree77a1eb30dffc1231cafb9f21ea2aa2a55af72c16
parentselinux: fix memleak in security_read_state_kernel() (diff)
selinux: Add boundary check in put_entry()
Just like next_entry(), put_entry() needs a boundary check to prevent out-of-bounds memory access. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r--security/selinux/ss/policydb.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index c24d4e1063ea..ffc4e7bad205 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -370,6 +370,8 @@ static inline int put_entry(const void *buf, size_t bytes, int num, struct polic
{
size_t len = bytes * num;
+ if (len > fp->len)
+ return -EINVAL;
memcpy(fp->data, buf, len);
fp->data += len;
fp->len -= len;
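Review bot: The new bound in put_entry() is applied to `len`, which is computed as `bytes * num` with `num` declared as `int`, so the product can wrap (or a negative `num` can convert to a very large size_t) before the `len > fp->len` comparison sees it. A wrapped value that happens to be at most `fp->len` would pass the check, and the function would copy fewer bytes than the caller asked for while presumably still reporting success. Whether any caller can supply such values is not visible here, but rejecting the case is cheap: `if (num < 0 || check_mul_overflow(bytes, (size_t)num, &len)) return -EINVAL;` ahead of the length comparison, with `len` declared without the initializer. The rest of the function body, including its return, lies outside this hunk.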