From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> Validate that no types with an invalid too high ID are present in the attribute map. Gaps are still not checked. Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> --- security/selinux/ss/policydb.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 1768ac4ecc2c..9b2eae70e2dc 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -2941,6 +2941,11 @@ int policydb_read(struct policydb *p, struct policy_file *fp) if (rc) goto bad; } + + rc = -EINVAL; + if (ebitmap_highest_set_bit(e) >= p->p_types.nprim) + goto bad; + /* add the type itself as the degenerate case */ rc = ebitmap_set_bit(e, i, 1); if (rc) -- 2.45.2
