On Tue, Aug 23, 2016 at 4:49 PM, <william.c.roberts@xxxxxxxxx> wrote: > From: William Roberts <william.c.roberts@xxxxxxxxx> > > libsepol pointed out an issue where its possible to have > an unitialized jmp and invalid dereference, fix this. > While we're here, zero allocate all the *_val_to_struct > structures. > > Signed-off-by: William Roberts <william.c.roberts@xxxxxxxxx> > --- > security/selinux/ss/policydb.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) Merged, thanks. > diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c > index 992a315..4b24385 100644 > --- a/security/selinux/ss/policydb.c > +++ b/security/selinux/ss/policydb.c > @@ -541,21 +541,21 @@ static int policydb_index(struct policydb *p) > > rc = -ENOMEM; > p->class_val_to_struct = > - kmalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), > + kzalloc(p->p_classes.nprim * sizeof(*(p->class_val_to_struct)), > GFP_KERNEL); > if (!p->class_val_to_struct) > goto out; > > rc = -ENOMEM; > p->role_val_to_struct = > - kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), > + kzalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), > GFP_KERNEL); > if (!p->role_val_to_struct) > goto out; > > rc = -ENOMEM; > p->user_val_to_struct = > - kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), > + kzalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), > GFP_KERNEL); > if (!p->user_val_to_struct) > goto out; > @@ -964,7 +964,7 @@ int policydb_context_isvalid(struct policydb *p, struct context *c) > * Role must be authorized for the type. > */ > role = p->role_val_to_struct[c->role - 1]; > - if (!ebitmap_get_bit(&role->types, c->type - 1)) > + if (!role || !ebitmap_get_bit(&role->types, c->type - 1)) > /* role may not be associated with type */ > return 0; > > -- > 1.9.1 > > _______________________________________________ > Selinux mailing list > Selinux@xxxxxxxxxxxxx > To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. > To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx. -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
