| Message ID | 20220614021449.39255-1-xiujianfeng@huawei.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | [-next] selinux: Add boundary check in put_entry() | expand |
On Mon, Jun 13, 2022 at 10:16 PM Xiu Jianfeng <xiujianfeng@huawei.com> wrote: > > Just like next_entry(), boundary check is necessary to prevent memory > out-of-bound access. > > Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> > --- > security/selinux/ss/policydb.h | 2 ++ > 1 file changed, 2 insertions(+) It's not as critical here as it is for next_entry(), but it's still not a bad idea. Merged into selinux/next.
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h index c24d4e1063ea..ffc4e7bad205 100644 --- a/security/selinux/ss/policydb.h +++ b/security/selinux/ss/policydb.h @@ -370,6 +370,8 @@ static inline int put_entry(const void *buf, size_t bytes, int num, struct polic { size_t len = bytes * num; + if (len > fp->len) + return -EINVAL; memcpy(fp->data, buf, len); fp->data += len; fp->len -= len;
Just like next_entry(), boundary check is necessary to prevent memory out-of-bound access. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> --- security/selinux/ss/policydb.h | 2 ++ 1 file changed, 2 insertions(+)