From: William Roberts <william.c.roberts@xxxxxxxxx> Correct an invalid memory access when attr_type_map array indexing is outside of bounds. Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx> --- libsepol/src/policydb.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 971793d..b8f6ca8 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -3926,6 +3926,10 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) if (!ebitmap_node_get_bit(tnode, j) || i == j) continue; + + if (j >= p->p_types.nprim) + goto bad; + if (ebitmap_set_bit (&p->attr_type_map[j], i, 1)) goto bad; -- 1.9.1 _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
