On Aug 18, 2023 Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote: > > Reject ebitmaps with a node containing an empty map or with an incorrect > highbit. Both checks are already performed by userspace, the former > since 2008 (patch 13cd4c896068 ("initial import from svn trunk revision > 2950")), the latter since v2.7 in 2017 (patch 75b14a5de10a ("libsepol: > ebitmap: reject loading bitmaps with incorrect high bit")). > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> > Reviewed-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx> > --- > security/selinux/ss/ebitmap.c | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c > index 77875ad355f7..ac9da819531d 100644 > --- a/security/selinux/ss/ebitmap.c > +++ b/security/selinux/ss/ebitmap.c ... > @@ -457,6 +461,13 @@ int ebitmap_read(struct ebitmap *e, void *fp) > map = EBITMAP_SHIFT_UNIT_SIZE(map); > } > } > + > + if (n && n->startbit + EBITMAP_SIZE != e->highbit) { > + pr_err("SELinux: ebitmap: high bit %d has not the expected value %ld\n", That reads a little awkward in English, how about "high bit %d is not equal to the expected value %ld\n"? > + e->highbit, n->startbit + EBITMAP_SIZE); > + goto bad; > + } > + > ok: > rc = 0; > out: > -- > 2.40.1 -- paul-moore.com