forked from luck/tmp_suning_uos_patched
selinux: fix overflow and 0 length allocations
Throughout the SELinux LSM, values taken from sepolicy are used in places where length == 0 or length == <saturated> matter, find and fix these. Signed-off-by: William Roberts <william.c.roberts@intel.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
3bc7bcf69b
commit
7c686af071
|
@ -242,6 +242,8 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp)
|
|||
goto err;
|
||||
|
||||
len = le32_to_cpu(buf[2]);
|
||||
if (((len == 0) || (len == (u32)-1)))
|
||||
goto err;
|
||||
|
||||
rc = -ENOMEM;
|
||||
key = kmalloc(len + 1, GFP_KERNEL);
|
||||
|
|
|
@ -1094,6 +1094,9 @@ static int str_read(char **strp, gfp_t flags, void *fp, u32 len)
|
|||
int rc;
|
||||
char *str;
|
||||
|
||||
if ((len == 0) || (len == (u32)-1))
|
||||
return -EINVAL;
|
||||
|
||||
str = kmalloc(len + 1, flags);
|
||||
if (!str)
|
||||
return -ENOMEM;
|
||||
|
|
Loading…
Reference in New Issue
Block a user