author | Stephen Smalley <sds@tycho.nsa.gov> | 2007-11-07 10:08:00 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2007-11-07 16:56:23 -0500 |
commit | 45e5421eb5bbcd9efa037d682dd357284e3ef982 (patch) | |
tree | ceb24143024fe335d08ac30fb4da9ca25fbeb6e6 /security/selinux/ss/conditional.c | |
parent | 6d2b685564ba417f4c6d80c3661f0dfee13fff85 (diff) |
SELinux: add more validity checks on policy load
Add more validity checks at policy load time to reject malformed
policies and prevent subsequent out-of-range indexing when in permissive
mode. Resolves the NULL pointer dereference reported in
https://bugzilla.redhat.com/show_bug.cgi?id=357541.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss/conditional.c')
-rw-r--r-- | security/selinux/ss/conditional.c | 3 |
1 files changed, 2 insertions, 1 deletions
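--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -362,7 +362,8 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
 data.head = NULL;
 data.tail = NULL;
 for (i = 0; i < len; i++) {
-rc = avtab_read_item(fp, p->policyvers, &p->te_cond_avtab, cond_insertf, &data);
+rc = avtab_read_item(&p->te_cond_avtab, fp, p, cond_insertf,
+&data);
 if (rc)
 return rc;
 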
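Review bot: The early `return rc;` inside the loop appears to leave any entries that earlier iterations linked onto `data.head` unreleased, and the stricter checks now reached through `avtab_read_item()` mean a malformed policy can hit that path after several items were accepted. Nothing in the hunk frees the partial list, and the result pointer is presumably only assigned after the loop, so the caller would have no handle to clean up. Unless the callback already tears the list down on every failure, consider `if (rc) { cond_av_list_destroy(data.head); return rc; }`. It is also worth confirming that `len`, which comes from the policy image, is bounded before it drives the loop. The body of `cond_read_av_list` starts and ends outside this hunk, so both points need checking against the full function.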