diff options
author | Xiu Jianfeng <xiujianfeng@huawei.com> | 2022-06-14 05:14:49 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-08-25 12:17:32 +0300 |
commit | 90bdf50ae70c5571a277b5601e4f5df210831e0a (patch) | |
tree | bc1f628bdd8736272584348e16fdf89532fd317b /security | |
parent | 3c48d3067eaf878642276f053575a5c642600a50 (diff) | |
download | linux-90bdf50ae70c5571a277b5601e4f5df210831e0a.tar.xz |
selinux: Add boundary check in put_entry()
[ Upstream commit 15ec76fb29be31df2bccb30fc09875274cba2776 ]
Just like next_entry(), boundary check is necessary to prevent memory
out-of-bound access.
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/ss/policydb.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h index 162d0e79b85b..b18bc405f820 100644 --- a/security/selinux/ss/policydb.h +++ b/security/selinux/ss/policydb.h @@ -356,6 +356,8 @@ static inline int put_entry(const void *buf, size_t bytes, int num, struct polic { size_t len = bytes * num; + if (len > fp->len) + return -EINVAL; memcpy(fp->data, buf, len); fp->data += len; fp->len -= len; |