
[2/2] Correctly detect unknown classes in sepol_string_to_security_class

Message ID 1464966566-14597-2-git-send-email-brindle@quarksecurity.com (mailing list archive)
State Not Applicable

Commit Message

Joshua Brindle June 3, 2016, 3:09 p.m. UTC
Bail before running off the end of the class index

Change-Id: I47c4eaac3c7d789f8d85047e34e37e3f0bb38b3a
Signed-off-by: Joshua Brindle <brindle@quarksecurity.com>
---
 libsepol/src/services.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Patch

diff --git a/libsepol/src/services.c b/libsepol/src/services.c
index d64a8e8..8679545 100644
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@@ -1155,7 +1155,7 @@  int hidden sepol_string_to_security_class(const char *class_name,
 	char *class = NULL;
 	sepol_security_class_t id;
 
-	for (id = 1;; id++) {
+	for (id = 1; id < policydb->p_classes.nprim; id++) {
 		class = policydb->p_class_val_to_name[id - 1];
 		if (class == NULL) {
 			ERR(NULL, "could not convert %s to class id", class_name);
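Review bot: The new loop bound `id < policydb->p_classes.nprim` stops one class short. The body indexes `p_class_val_to_name[id - 1]` with `id` starting at 1, so the highest index examined is `nprim - 2`. Assuming the array holds `nprim` entries for class values 1..nprim, the last class is never compared and falls through to the new "unrecognized class" error. The bound should be `for (id = 1; id <= policydb->p_classes.nprim; id++) {`, which still keeps `id - 1` inside the array. A caller that treats a failed lookup as "class not in policy" would otherwise mishandle a class that is actually defined. The rest of the loop body lies outside this hunk.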
@@ -1166,6 +1166,8 @@  int hidden sepol_string_to_security_class(const char *class_name,
 			return STATUS_SUCCESS;
 		}
 	}
+	ERR(NULL, "unrecognized class %s", class_name);
+	return -EINVAL;
 }
 
 /*
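Review bot: The added fall-through path returns `-EINVAL`, while the success path visible in this hunk returns `STATUS_SUCCESS`, so the function now mixes two return conventions. The return statement of the existing `class == NULL` branch is outside the hunk. If it returns `STATUS_ERR`, callers would see two different failure values for the same "no such class" condition, and a check written as `== STATUS_ERR` would miss the new one. Consider `return STATUS_ERR;` here. If the errno value is kept deliberately, add a comment on the function stating that it can return either and confirm that `<errno.h>` is included in services.c.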