Merge tag 'selinux-pr-20190726' of git://git.kernel.org/pub/scm/linux…

…/kernel/git/pcmoore/selinux Pull selinux fix from Paul Moore: "One small SELinux patch to add some proper bounds/overflow checking when adding a new sid/secid" * tag 'selinux-pr-20190726' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux: selinux: check sidtab limit before adding a new entry
Kleist · Jul 27, 2019 · 40233e7 · 40233e7
2 parents a689838 + acbc372
commit 40233e7
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
@@ -286,6 +286,11 @@ static int sidtab_reverse_lookup(struct sidtab *s, struct context *context,
 		++count;
 	}
 
+	/* bail out if we already reached max entries */
+	rc = -EOVERFLOW;
+	if (count >= SIDTAB_MAX)
+		goto out_unlock;
+
 	/* insert context into new entry */
 	rc = -ENOMEM;
 	dst = sidtab_do_lookup(s, count, 1);