| Message ID | 20230706132337.15924-3-cgzones@googlemail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | [RFC,01/20] selinux: check for multiplication overflow in put_entry() | expand |
On Jul 6, 2023 =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> wrote: > > Prevent inserting more than the supported U32_MAX number of entries. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > --- > security/selinux/ss/avtab.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) Merged into selinux/next, thanks! -- paul-moore.com
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index fbf51986afcf..9c150fba3fa6 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -110,7 +110,7 @@ static int avtab_insert(struct avtab *h, const struct avtab_key *key, struct avtab_node *prev, *cur, *newnode; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); - if (!h || !h->nslot) + if (!h || !h->nslot || h->nel == U32_MAX) return -EINVAL; hvalue = avtab_hash(key, h->mask); @@ -156,7 +156,7 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_node *prev, *cur; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); - if (!h || !h->nslot) + if (!h || !h->nslot || h->nel == U32_MAX) return NULL; hvalue = avtab_hash(key, h->mask); for (prev = NULL, cur = h->htable[hvalue];
Prevent inserting more than the supported U32_MAX number of entries. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- security/selinux/ss/avtab.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)