Commit 90bdf50a authored Jun 14, 2022 by Xiu Jianfeng Committed by Greg Kroah-Hartman Aug 25, 2022

selinux: Add boundary check in put_entry()



[ Upstream commit 15ec76fb29be31df2bccb30fc09875274cba2776 ]

Just like next_entry(), boundary check is necessary to prevent memory
out-of-bound access.

Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 3c48d306

security/selinux/ss/policydb.h

+2 −0

Original line number	Original line	Diff line number	Diff line
	@@ -356,6 +356,8 @@ static inline int put_entry(const void *buf, size_t bytes, int num, struct polic
	{		{
	size_t len = bytes * num;		size_t len = bytes * num;

			if (len > fp->len)
			return -EINVAL;
	memcpy(fp->data, buf, len);		memcpy(fp->data, buf, len);
	fp->data += len;		fp->data += len;
	fp->len -= len;		fp->len -= len;