| Message ID | 20230814132025.45364-13-cgzones@googlemail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 4eea9948d3cc |
| Delegated to: | Petr Lautrbach |
| Headers | show |
| Series | libselinux: rework selabel_file(5) database | expand |
On Mon, Aug 14, 2023 at 9:42 AM Christian Göttsche <cgzones@googlemail.com> wrote: > > Check (for the probably impossible) case the serialized data is longer > than the compiled fcontext format supports. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > libselinux/src/regex.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c > index 16df6790..88d82fed 100644 > --- a/libselinux/src/regex.c > +++ b/libselinux/src/regex.c > @@ -176,7 +176,7 @@ int regex_writef(struct regex_data *regex, FILE *fp, int do_write_precompregex) > /* encode the pattern for serialization */ > rc = pcre2_serialize_encode((const pcre2_code **)®ex->regex, > 1, &bytes, &serialized_size, NULL); > - if (rc != 1) { > + if (rc != 1 || serialized_size >= UINT32_MAX) { > rc = -1; > goto out; > } > -- > 2.40.1 >
On Thu, Oct 5, 2023 at 10:44 AM James Carter <jwcart2@gmail.com> wrote: > > On Mon, Aug 14, 2023 at 9:42 AM Christian Göttsche > <cgzones@googlemail.com> wrote: > > > > Check (for the probably impossible) case the serialized data is longer > > than the compiled fcontext format supports. > > > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > > Acked-by: James Carter <jwcart2@gmail.com> > Merged. Thanks, Jim > > --- > > libselinux/src/regex.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c > > index 16df6790..88d82fed 100644 > > --- a/libselinux/src/regex.c > > +++ b/libselinux/src/regex.c > > @@ -176,7 +176,7 @@ int regex_writef(struct regex_data *regex, FILE *fp, int do_write_precompregex) > > /* encode the pattern for serialization */ > > rc = pcre2_serialize_encode((const pcre2_code **)®ex->regex, > > 1, &bytes, &serialized_size, NULL); > > - if (rc != 1) { > > + if (rc != 1 || serialized_size >= UINT32_MAX) { > > rc = -1; > > goto out; > > } > > -- > > 2.40.1 > >
diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c index 16df6790..88d82fed 100644 --- a/libselinux/src/regex.c +++ b/libselinux/src/regex.c @@ -176,7 +176,7 @@ int regex_writef(struct regex_data *regex, FILE *fp, int do_write_precompregex) /* encode the pattern for serialization */ rc = pcre2_serialize_encode((const pcre2_code **)®ex->regex, 1, &bytes, &serialized_size, NULL); - if (rc != 1) { + if (rc != 1 || serialized_size >= UINT32_MAX) { rc = -1; goto out; }
Check (for the probably impossible) case the serialized data is longer than the compiled fcontext format supports. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- libselinux/src/regex.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)