Skip to content

Commit

Permalink
selinux: Add boundary check in put_entry()
Browse files Browse the repository at this point in the history 
Just like next_entry(), boundary check is necessary to prevent memory
out-of-bound access.

Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
  • Loading branch information
@pcmoore
Xiu Jianfeng authored and pcmoore committed Jun 15, 2022
1 parent 73de1be commit 15ec76f
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions security/selinux/ss/policydb.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -370,6 +370,8 @@ static inline int put_entry(const void *buf, size_t bytes, int num, struct polic
{
size_t len = bytes * num;

if (len > fp->len)
return -EINVAL;
memcpy(fp->data, buf, len);
fp->data += len;
fp->len -= len;
Expand Down

0 comments on commit 15ec76f

Please sign in to comment.