
[v2,2/2] libsepol: avtab: check read counts for saturation

Message ID 20231101163725.177237-2-cgzones@googlemail.com (mailing list archive)
State Accepted
Commit f9fd25005f81
Delegated to: Petr Lautrbach
Series [v2,1/2] libsepol: reject avtab entries with invalid specifier

Commit Message

Christian Göttsche Nov. 1, 2023, 4:37 p.m. UTC
Ensure counts are not set to the maximum value of their type.
Also limit their size during fuzzing to prevent OOM reports.

Reported-by: oss-fuzz (issue 60572), caused at the time by the filetrans
             prefix proposal
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
v2:
   rebase after revert of filename prefix proposal
---
 libsepol/src/avtab.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch

diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c
index 1ef5ee00..7c2328b7 100644
--- a/libsepol/src/avtab.c
+++ b/libsepol/src/avtab.c
@@ -600,7 +600,7 @@  int avtab_read(avtab_t * a, struct policy_file *fp, uint32_t vers)
 		goto bad;
 	}
 	nel = le32_to_cpu(buf[0]);
-	if (!nel) {
+	if (zero_or_saturated(nel)) {
 		ERR(fp->handle, "table is empty");
 		goto bad;
 	}
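Review bot: with `!nel` replaced by `zero_or_saturated(nel)`, the unchanged `ERR(fp->handle, "table is empty")` now also fires when the count is the saturated value 0xffffffff, which is not an empty table; consider a separate branch or a message along the lines of "table is empty or count is invalid" so a corrupt or fuzzed policy file is diagnosed accurately. Also, the commit message says counts are additionally limited during fuzzing to prevent OOM reports, but the diffstat shows only this one-line change in avtab.c, so that limit is not part of this patch and the message should either drop it or point to where it lives.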