selinux: avoid avtab overflows
Prevent inserting more than the supported U32_MAX number of entries.

Signed-off-by: Christian Göttsche <[email protected]>
Signed-off-by: Paul Moore <[email protected]>
cgzones authored and pcmoore committed Jul 18, 2023
1 parent bbea03f commit f785c54
Showing 1 changed file with 2 additions and 2 deletions.
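--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -110,7 +110,7 @@ static int avtab_insert(struct avtab *h, const struct avtab_key *key,
 struct avtab_node *prev, *cur, *newnode;
 u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
 
-if (!h || !h->nslot)
+if (!h || !h->nslot || h->nel == U32_MAX)
 return -EINVAL;
 
 hvalue = avtab_hash(key, h->mask);
@@ -156,7 +156,7 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h,
 struct avtab_node *prev, *cur;
 u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
 
-if (!h || !h->nslot)
+if (!h || !h->nslot || h->nel == U32_MAX)
 return NULL;
 hvalue = avtab_hash(key, h->mask);
 for (prev = NULL, cur = h->htable[hvalue];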
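Review bot: The new `h->nel == U32_MAX` test in avtab_insert shares the `-EINVAL` return with the `!h || !h->nslot` argument checks, so a policy load that fails because the table is full cannot be told apart from one that was handed an unusable table. Splitting it out as `if (h->nel == U32_MAX) return -ENOSPC;` would make the failure diagnosable, assuming callers only test the result for non-zero, which these hunks do not show. The second hunk has the same property: avtab_insert_nonunique returns `NULL` for the full-table case just as for its other early exit. A short comment above either check, for example `/* nel is the entry counter; refuse the insert rather than let it wrap */`, would record why the limit exists. Both function bodies continue outside the hunks, so the place where nel is incremented is not visible here.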
