From: William Roberts <william.c.roberts@xxxxxxxxx>
In type_set_expand:
When nprim, the table index counter, is greater than the value of initizalized
entries in the type_val_to_struct[] array, detect this as invalid
and return an error.
Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx>
---
libsepol/src/expand.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index 0ad57f5..e6d3ef1 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -2514,6 +2514,10 @@ int type_set_expand(type_set_t * set, ebitmap_t * t, policydb_t * p,
if (i > p->p_types.nprim - 1)
goto err_types;
+ if (!p->type_val_to_struct[i]) {
+ goto err_types;
+ }
+
if (p->type_val_to_struct[i]->flavor ==
TYPE_ATTRIB) {
if (ebitmap_union
--
1.9.1
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
