From: William Roberts <william.c.roberts@xxxxxxxxx>
When count is 0 and the highbit is not zero, the ebitmap is not
valid and the internal node is not allocated. This causes issues
when routines, like mls_context_isvalid() attempt to use the
ebitmap_for_each_bit() and ebitmap_node_get_bit() as they assume
a highbit > 0 will have a node allocated.
Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx>
---
libsepol/src/ebitmap.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libsepol/src/ebitmap.c b/libsepol/src/ebitmap.c
index 58f2fc4..fe8beb8 100644
--- a/libsepol/src/ebitmap.c
+++ b/libsepol/src/ebitmap.c
@@ -394,6 +394,10 @@ int ebitmap_read(ebitmap_t * e, void *fp)
e->highbit, MAPSIZE);
goto bad;
}
+
+ if (e->highbit && !count)
+ goto bad;
+
l = NULL;
for (i = 0; i < count; i++) {
rc = next_entry(buf, fp, sizeof(uint32_t));
--
1.9.1
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
