| Message ID | 1472574491-31233-1-git-send-email-william.c.roberts@intel.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
On Tue, Aug 30, 2016 at 12:28 PM, <william.c.roberts@intel.com> wrote: > From: William Roberts <william.c.roberts@intel.com> > > Throughout the SE Linux LSM, values taken from sepolicy are > used in places where length == 0 or length == <saturated> > matter, find and fix these. > > Signed-off-by: William Roberts <william.c.roberts@intel.com> > --- > security/selinux/ss/conditional.c | 2 ++ > security/selinux/ss/policydb.c | 3 +++ > 2 files changed, 5 insertions(+) Merged after I fixed the "SELinux" bit in the patch description. > diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c > index 456e1a9..34afead 100644 > --- a/security/selinux/ss/conditional.c > +++ b/security/selinux/ss/conditional.c > @@ -242,6 +242,8 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp) > goto err; > > len = le32_to_cpu(buf[2]); > + if (((len == 0) || (len == (u32)-1))) > + goto err; > > rc = -ENOMEM; > key = kmalloc(len + 1, GFP_KERNEL); > diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c > index 4b24385..8c661f0 100644 > --- a/security/selinux/ss/policydb.c > +++ b/security/selinux/ss/policydb.c > @@ -1094,6 +1094,9 @@ static int str_read(char **strp, gfp_t flags, void *fp, u32 len) > int rc; > char *str; > > + if ((len == 0) || (len == (u32)-1)) > + return -EINVAL; > + > str = kmalloc(len + 1, flags); > if (!str) > return -ENOMEM; > -- > 1.9.1
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index 456e1a9..34afead 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c @@ -242,6 +242,8 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp) goto err; len = le32_to_cpu(buf[2]); + if (((len == 0) || (len == (u32)-1))) + goto err; rc = -ENOMEM; key = kmalloc(len + 1, GFP_KERNEL); diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 4b24385..8c661f0 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -1094,6 +1094,9 @@ static int str_read(char **strp, gfp_t flags, void *fp, u32 len) int rc; char *str; + if ((len == 0) || (len == (u32)-1)) + return -EINVAL; + str = kmalloc(len + 1, flags); if (!str) return -ENOMEM;