diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2007-11-07 10:08:00 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2007-11-07 16:56:23 -0500 |
| commit | 45e5421eb5bbcd9efa037d682dd357284e3ef982 (patch) | |
| tree | ceb24143024fe335d08ac30fb4da9ca25fbeb6e6 /security/selinux/ss/mls.h | |
| parent | 6d2b685564ba417f4c6d80c3661f0dfee13fff85 (diff) | |
SELinux: add more validity checks on policy load
Add more validity checks at policy load time to reject malformed
policies and prevent subsequent out-of-range indexing when in permissive
mode. Resolves the NULL pointer dereference reported in
https://bugzilla.redhat.com/show_bug.cgi?id=357541.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss/mls.h')
| -rw-r--r-- | security/selinux/ss/mls.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h index 096d1b4ef7fb..ab53663d9f5f 100644 --- a/security/selinux/ss/mls.h +++ b/security/selinux/ss/mls.h | |||
| @@ -27,6 +27,8 @@ | |||
| 27 | int mls_compute_context_len(struct context *context); | 27 | int mls_compute_context_len(struct context *context); |
| 28 | void mls_sid_to_context(struct context *context, char **scontext); | 28 | void mls_sid_to_context(struct context *context, char **scontext); |
| 29 | int mls_context_isvalid(struct policydb *p, struct context *c); | 29 | int mls_context_isvalid(struct policydb *p, struct context *c); |
| 30 | int mls_range_isvalid(struct policydb *p, struct mls_range *r); | ||
| 31 | int mls_level_isvalid(struct policydb *p, struct mls_level *l); | ||
| 30 | 32 | ||
| 31 | int mls_context_to_sid(char oldc, | 33 | int mls_context_to_sid(char oldc, |
| 32 | char **scontext, | 34 | char **scontext, |