diff mbox series

[RFC,12/24] libselinux: avoid regex serialization truncations

Message ID 20230811162731.50697-13-cgzones@googlemail.com (mailing list archive)
State Superseded
Delegated to: Petr Lautrbach
Series libselinux: rework selabel_file(5) database

Commit Message

Christian Göttsche Aug. 11, 2023, 4:27 p.m. UTC
Check (for the probably impossible) case the serialized data is longer
than the compiled fcontext format supports.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libselinux/src/regex.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c
index 16df6790..88d82fed 100644
--- a/libselinux/src/regex.c
+++ b/libselinux/src/regex.c
@@ -176,7 +176,7 @@  int regex_writef(struct regex_data *regex, FILE *fp, int do_write_precompregex)
 		/* encode the pattern for serialization */
 		rc = pcre2_serialize_encode((const pcre2_code **)&regex->regex,
 					    1, &bytes, &serialized_size, NULL);
-		if (rc != 1) {
+		if (rc != 1 || serialized_size >= UINT32_MAX) {
 			rc = -1;
 			goto out;
 		}
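Review bot: The bound in `serialized_size >= UINT32_MAX` also rejects a size of exactly UINT32_MAX, which a 32-bit length field could still hold. If the compiled fcontext format stores this length as a `uint32_t`, `>` is the exact limit; if the maximum value is excluded on purpose, a short comment next to the condition should say why. The new failure case is also only reached after `pcre2_serialize_encode()` has returned 1, so `bytes` is already allocated when it does `goto out`. Please confirm that the `out` label releases the buffer, since it lies outside this hunk. Finally, the oversize case returns the same `rc = -1` as an encode failure, so a caller cannot tell the two apart; a distinct log message or errno would make this "probably impossible" case diagnosable if it ever occurs.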