From: Xiu Jianfeng xiujianfeng@huawei.com
stable inclusion from stable-v4.19.256 commit 477722f31ad73aa779154d1d7e00825538389f76 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5Q0SQ CVE: NA
--------------------------------
[ Upstream commit 15ec76fb29be31df2bccb30fc09875274cba2776 ]
Just like next_entry(), boundary check is necessary to prevent memory out-of-bound access.
Signed-off-by: Xiu Jianfeng xiujianfeng@huawei.com Signed-off-by: Paul Moore paul@paul-moore.com Signed-off-by: Sasha Levin sashal@kernel.org Signed-off-by: Yongqiang Liu liuyongqiang13@huawei.com --- security/selinux/ss/policydb.h | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h index 215f8f30ac5a..2a479785ebd4 100644 --- a/security/selinux/ss/policydb.h +++ b/security/selinux/ss/policydb.h @@ -360,6 +360,8 @@ static inline int put_entry(const void *buf, size_t bytes, int num, struct polic { size_t len = bytes * num;
+ if (len > fp->len) + return -EINVAL; memcpy(fp->data, buf, len); fp->data += len; fp->len -= len;