Kernel/linux-next
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git synced 2025-01-10 15:58:47 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

selinux: fix overflow and 0 length allocations

Browse Source 
Throughout the SELinux LSM, values taken from sepolicy are
used in places where length == 0 or length == <saturated>
matter, find and fix these.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
William Roberts 2016-08-30 09:28:11 -07:00 committed by Paul Moore
parent 3bc7bcf69b
commit 7c686af071
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
security/selinux/ss/conditional.c
View File

@ -242,6 +242,8 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp)
goto err; goto err;
len = le32_to_cpu(buf[2]); len = le32_to_cpu(buf[2]);
if (((len == 0) || (len == (u32)-1)))
goto err;
rc = -ENOMEM; rc = -ENOMEM;
key = kmalloc(len + 1, GFP_KERNEL); key = kmalloc(len + 1, GFP_KERNEL);

3
security/selinux/ss/policydb.c
View File

@ -1094,6 +1094,9 @@ static int str_read(char **strp, gfp_t flags, void *fp, u32 len)
int rc; int rc;
char *str; char *str;
if ((len == 0) || (len == (u32)-1))
return -EINVAL;
str = kmalloc(len + 1, flags); str = kmalloc(len + 1, flags);
if (!str) if (!str)
return -ENOMEM; return -ENOMEM;