selinux: check length fields in policies

In multiple places the binary policy announces how many items of some
kind are to be expected next.  Before reading them the kernel already
allocates enough memory for that announced size.  Validate that the
remaining input size can actually fit the announced items, to avoid OOM
issues on malformed binary policies.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
[PM: manual merge fuzz fixups, style fixes]
Signed-off-by: Paul Moore <paul@paul-moore.com>

0 files changed, 0 insertions, 0 deletions