apparmor: check that xindex is in trans_table bounds

commit 23ca7b640b4a55f8747301b6bd984dd05545f6a7 upstream.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 329b1fd30749791083d5cbb9e0cb639f87c87367..6b221354f0aa769f5c3a6f75e65e4be7aff001d8 100644 (file)
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -652,7 +652,7 @@ static bool verify_xindex(int xindex, int table_size)
        int index, xtype;
        xtype = xindex & AA_X_TYPE_MASK;
        index = xindex & AA_X_INDEX_MASK;
-       if (xtype == AA_X_TABLE && index > table_size)
+       if (xtype == AA_X_TABLE && index >= table_size)
                return 0;
        return 1;
 }