selinux: Add boundary check in put_entry()

[ Upstream commit 15ec76fb29be31df2bccb30fc09875274cba2776 ] Just like next_entry(), boundary check is necessary to prevent memory out-of-bound access. Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Xiu Jianfeng <xiujianfeng@huawei.com> 2022-06-14 05:14:49 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-08-21 16:15:31 +0300
commit: adbfdaacde18faf6cd4e490764045375266b3fbd (patch)
tree: e6522ddc066d048072741b1978115973b188cd7b /security
parent: 003a456ae6f70bb97e436e02fc5105be577c1570 (diff)
download: linux-adbfdaacde18faf6cd4e490764045375266b3fbd.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index c24d4e1063ea..ffc4e7bad205 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -370,6 +370,8 @@ static inline int put_entry(const void *buf, size_t bytes, int num, struct polic
 {
 	size_t len = bytes * num;
 
+	if (len > fp->len)
+		return -EINVAL;
 	memcpy(fp->data, buf, len);
 	fp->data += len;
 	fp->len -= len;
author	Xiu Jianfeng <xiujianfeng@huawei.com>	2022-06-14 05:14:49 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-08-21 16:15:31 +0300
commit	adbfdaacde18faf6cd4e490764045375266b3fbd (patch)
tree	e6522ddc066d048072741b1978115973b188cd7b /security
parent	003a456ae6f70bb97e436e02fc5105be577c1570 (diff)
download	linux-adbfdaacde18faf6cd4e490764045375266b3fbd.tar.xz