diff options
| author | William Roberts <william.c.roberts@intel.com> | 2016-08-23 16:49:23 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2016-08-29 19:19:50 -0400 |
| commit | 74d977b65e45bc9b536b429e7f3b5e3a8e459026 (patch) | |
| tree | abec3a6c025f9b043f50d96ac632e279d2a1e8de /security | |
| parent | 348a0db9e69e4c214bf5d7677f17cb99cdc47db0 (diff) | |
selinux: detect invalid ebitmap
When count is 0 and the highbit is not zero, the ebitmap is not
valid and the internal node is not allocated. This causes issues
when routines, like mls_context_isvalid() attempt to use the
ebitmap_for_each_bit() and ebitmap_node_get_bit() as they assume
a highbit > 0 will have a node allocated.
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/ss/ebitmap.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index 894b6cdc11c5..7d10e5d418bb 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c | |||
| @@ -374,6 +374,9 @@ int ebitmap_read(struct ebitmap *e, void *fp) | |||
| 374 | goto ok; | 374 | goto ok; |
| 375 | } | 375 | } |
| 376 | 376 | ||
| 377 | if (e->highbit && !count) | ||
| 378 | goto bad; | ||
| 379 | |||
| 377 | for (i = 0; i < count; i++) { | 380 | for (i = 0; i < count; i++) { |
| 378 | rc = next_entry(&startbit, fp, sizeof(u32)); | 381 | rc = next_entry(&startbit, fp, sizeof(u32)); |
| 379 | if (rc < 0) { | 382 | if (rc < 0) { |