Merge tag 'selinux-pr-20190726' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux fix from Paul Moore: "One small SELinux patch to add some proper bounds/overflow checking when adding a new sid/secid" * tag 'selinux-pr-20190726' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: check sidtab limit before adding a new entry
author: Linus Torvalds <torvalds@linux-foundation.org> 2019-07-26 19:13:38 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> 2019-07-26 19:13:38 -0700
commit: 40233e7c447367ffc615b524187970732848d5e3 (patch)
tree: f21626c0722b660902ddfadef62cb122203b1a84 /security
parent: a689838913670765f7754bb1ba749acac9541626 (diff)
parent: acbc372e6109c803cbee4733769d02008381740f (diff)
download: linux-0-day-40233e7c447367ffc615b524187970732848d5e3.tar.gz
linux-0-day-40233e7c447367ffc615b524187970732848d5e3.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
index e63a90ff27285..1f0a6eaa2d6a1 100644
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -286,6 +286,11 @@ static int sidtab_reverse_lookup(struct sidtab *s, struct context *context,
 		++count;
 	}
 
+	/* bail out if we already reached max entries */
+	rc = -EOVERFLOW;
+	if (count >= SIDTAB_MAX)
+		goto out_unlock;
+
 	/* insert context into new entry */
 	rc = -ENOMEM;
 	dst = sidtab_do_lookup(s, count, 1);
author	Linus Torvalds <torvalds@linux-foundation.org>	2019-07-26 19:13:38 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	2019-07-26 19:13:38 -0700
commit	40233e7c447367ffc615b524187970732848d5e3 (patch)
tree	f21626c0722b660902ddfadef62cb122203b1a84 /security
parent	a689838913670765f7754bb1ba749acac9541626 (diff)
parent	acbc372e6109c803cbee4733769d02008381740f (diff)
download	linux-0-day-40233e7c447367ffc615b524187970732848d5e3.tar.gz linux-0-day-40233e7c447367ffc615b524187970732848d5e3.tar.xz