summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorOndrej Mosnacek <omosnace@redhat.com>2019-07-23 08:50:59 +0200
committerPaul Moore <paul@paul-moore.com>2019-07-24 17:13:34 +0200
commitacbc372e6109c803cbee4733769d02008381740f (patch)
tree4bccf1658aa986fd09d5d602a0b3073fdd44f6c5 /security
parentselinux: format all invalid context as untrusted (diff)
downloadlinux-acbc372e6109c803cbee4733769d02008381740f.tar.xz
linux-acbc372e6109c803cbee4733769d02008381740f.zip
selinux: check sidtab limit before adding a new entry
We need to error out when trying to add an entry above SIDTAB_MAX in sidtab_reverse_lookup() to avoid overflow on the odd chance that this happens. Cc: stable@vger.kernel.org Fixes: ee1a84fdfeed ("selinux: overhaul sidtab to fix bug and improve performance") Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/sidtab.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
index e63a90ff2728..1f0a6eaa2d6a 100644
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -286,6 +286,11 @@ static int sidtab_reverse_lookup(struct sidtab *s, struct context *context,
++count;
}
+ /* bail out if we already reached max entries */
+ rc = -EOVERFLOW;
+ if (count >= SIDTAB_MAX)
+ goto out_unlock;
+
/* insert context into new entry */
rc = -ENOMEM;
dst = sidtab_do_lookup(s, count, 1);