On Thu, Oct 5, 2023 at 10:44 AM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Mon, Aug 14, 2023 at 9:42 AM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > Check (for the probably impossible) case the serialized data is longer
> > than the compiled fcontext format supports.
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>
Merged.
Thanks,
Jim
> > ---
> > libselinux/src/regex.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c
> > index 16df6790..88d82fed 100644
> > --- a/libselinux/src/regex.c
> > +++ b/libselinux/src/regex.c
> > @@ -176,7 +176,7 @@ int regex_writef(struct regex_data *regex, FILE *fp, int do_write_precompregex)
> > /* encode the pattern for serialization */
> > rc = pcre2_serialize_encode((const pcre2_code **)®ex->regex,
> > 1, &bytes, &serialized_size, NULL);
> > - if (rc != 1) {
> > + if (rc != 1 || serialized_size >= UINT32_MAX) {
> > rc = -1;
> > goto out;
> > }
> > --
> > 2.40.1
> >
