From: William Roberts Date: Tue, 23 Aug 2016 20:49:23 +0000 (-0700) Subject: selinux: detect invalid ebitmap X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=74d977b65e45bc9b536b429e7f3b5e3a8e459026;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git selinux: detect invalid ebitmap When count is 0 and the highbit is not zero, the ebitmap is not valid and the internal node is not allocated. This causes issues when routines, like mls_context_isvalid() attempt to use the ebitmap_for_each_bit() and ebitmap_node_get_bit() as they assume a highbit > 0 will have a node allocated. Signed-off-by: William Roberts Signed-off-by: Paul Moore --- diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index 894b6cdc11c5..7d10e5d418bb 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -374,6 +374,9 @@ int ebitmap_read(struct ebitmap *e, void *fp) goto ok; } + if (e->highbit && !count) + goto bad; + for (i = 0; i < count; i++) { rc = next_entry(&startbit, fp, sizeof(u32)); if (rc < 0) {
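Review bot: the added `if (e->highbit && !count) goto bad;` in ebitmap_read() jumps to `bad` without assigning `rc` or logging anything in the lines shown, so the value the caller receives for this malformed input depends entirely on what the `bad:` label does with whatever `rc` already holds. Suggest setting `rc = -EINVAL` explicitly before the jump, or confirming that `bad:` does so, and emitting an error message that includes the highbit value so a rejected policy image can be diagnosed. A short comment above the check stating the invariant from the commit message (a non-zero highbit implies at least one allocated node) would also help, since the following `for (i = 0; i < count; i++)` loop simply does nothing when count is 0 and gives no hint that this case is invalid.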