selinux: fix overflow and 0 length allocations
Throughout the SELinux LSM, values taken from sepolicy are
used in places where length == 0 or length == <saturated>
matter, find and fix these.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
William Roberts authored and Paul Moore committed Aug 30, 2016
1 parent 3bc7bcf commit 7c686af
Showing 2 changed files with 5 additions and 0 deletions.
2 changes: 2 additions & 0 deletions security/selinux/ss/conditional.c
Expand Up @@ -242,6 +242,8 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp)
goto err;

len = le32_to_cpu(buf[2]);
if (((len == 0) || (len == (u32)-1)))
goto err;

rc = -ENOMEM;
key = kmalloc(len + 1, GFP_KERNEL);
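
Review bot: the new `goto err` after `len = le32_to_cpu(buf[2]);` in cond_read_bool does not set rc itself. In the visible lines rc is only assigned (`rc = -ENOMEM;`) after the check, so the error returned for a rejected length is whatever rc held from the preceding test. Assign `rc = -EINVAL;` immediately before the check so the result does not depend on earlier code and matches the `return -EINVAL;` used for the same condition in str_read. The doubled outer parentheses in `if (((len == 0) || (len == (u32)-1)))` are redundant and can be dropped. Only the single value (u32)-1 is excluded, which stops `len + 1` wrapping to 0 in the kmalloc call but still passes any other policy-supplied length to the allocator.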
3 changes: 3 additions & 0 deletions security/selinux/ss/policydb.c
Expand Up @@ -1094,6 +1094,9 @@ static int str_read(char **strp, gfp_t flags, void *fp, u32 len)
int rc;
char *str;

if ((len == 0) || (len == (u32)-1))
return -EINVAL;

str = kmalloc(len + 1, flags);
if (!str)
return -ENOMEM;
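
Review bot: the check at the top of str_read has no comment saying why (u32)-1 is rejected; the reason is that `len + 1` in `kmalloc(len + 1, flags)` would wrap to 0 for that value, and a one-line comment would stop it reading as an arbitrary magic number. The same condition is open-coded in cond_read_bool in conditional.c, so a small shared helper would keep the two checks in sync. Because str_read now returns -EINVAL for len == 0, every caller sees a behaviour change for empty strings, which deserves a sentence in the commit message.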