apparmor: add missing id bounds check on dfa verification

[GitHub/mt8127/android_kernel_alcatel_ttab.git] / security / apparmor / match.c

diff --git a/security/apparmor/match.c b/security/apparmor/match.c
index 90971a8c37898256b1d60b211bdf27865d1f75e4..630f325b87a84115cdd83c48c916f7ea602a52f9 100644 (file)
--- a/security/apparmor/match.c
+++ b/security/apparmor/match.c
@@ -45,6 +45,8 @@ static struct table_header *unpack_table(char *blob, size_t bsize)
         * it every time we use td_id as an index
         */
        th.td_id = be16_to_cpu(*(u16 *) (blob)) - 1;
+       if (th.td_id > YYTD_ID_MAX)
+               goto out;
        th.td_flags = be16_to_cpu(*(u16 *) (blob + 2));
        th.td_lolen = be32_to_cpu(*(u32 *) (blob + 8));
        blob += sizeof(struct table_header);