On Tue, Jul 23, 2019 at 2:51 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
>
> We need to error out when trying to add an entry above SIDTAB_MAX in
> sidtab_reverse_lookup() to avoid overflow on the odd chance that this
> happens.
>
> Fixes: ee1a84fdfeed ("selinux: overhaul sidtab to fix bug and improve performance")
> Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> ---
> security/selinux/ss/sidtab.c | 5 +++++
> 1 file changed, 5 insertions(+)
Thanks. This looks like -stable material to me so I've marked it as
such and merged it into selinux/stable-5.3; assuming it passes
testing, and as long as I don't hear any objections, I'll send it up
to Linus later this week.
> diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
> index e63a90ff2728..1f0a6eaa2d6a 100644
> --- a/security/selinux/ss/sidtab.c
> +++ b/security/selinux/ss/sidtab.c
> @@ -286,6 +286,11 @@ static int sidtab_reverse_lookup(struct sidtab *s, struct context *context,
> ++count;
> }
>
> + /* bail out if we already reached max entries */
> + rc = -EOVERFLOW;
> + if (count >= SIDTAB_MAX)
> + goto out_unlock;
> +
> /* insert context into new entry */
> rc = -ENOMEM;
> dst = sidtab_do_lookup(s, count, 1);
> --
> 2.21.0
--
paul moore
www.paul-moore.com
