selinux: Add boundary check in put_entry()

Just like next_entry(), boundary check is necessary to prevent memory out-of-bound access. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: Paul Moore <paul@paul-moore.com>

selinux: Add boundary check in put_entry()
Just like next_entry(), boundary check is necessary to prevent memory out-of-bound access. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
15ec76fb · Xiu Jianfeng · Paul Moore · 73de1bef · 15ec76fb
Commit 15ec76fb authored Jun 14, 2022 by Xiu Jianfeng Committed by Paul Moore Jun 14, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

security/selinux/ss/policydb.h security/selinux/ss/policydb.h +2 -0

No files found.
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -370,6 +370,8 @@ static inline int put_entry(const void *buf, size_t bytes, int num, struct polic
 {
 	size_t len = bytes * num;

+	if (len > fp->len)
+		return -EINVAL;
 	memcpy(fp->data, buf, len);
 	fp->data += len;
 	fp->len -= len;