selinux: check sidtab limit before adding a new entry

commit acbc372e6109c803cbee4733769d02008381740f upstream. We need to error out when trying to add an entry above SIDTAB_MAX in sidtab_reverse_lookup() to avoid overflow on the odd chance that this happens. Cc: stable@vger.kernel.org Fixes: ee1a84fdfeed ("selinux: overhaul sidtab to fix bug and improve performance") Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Ondrej Mosnacek <omosnace@redhat.com> 2019-07-23 08:50:59 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-07-31 07:24:58 +0200
commit: 117d3b1d5e3150064b5c83db8eb879f950cb7e05 (patch)
tree: 3a29890e6551626c13672e302cf01edfbff78a9b /security
parent: e459c059b044f8f91c43eb0612e98e85a73a1c41 (diff)
download: linux-rt-117d3b1d5e3150064b5c83db8eb879f950cb7e05.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
index e63a90ff2728..1f0a6eaa2d6a 100644
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -286,6 +286,11 @@ static int sidtab_reverse_lookup(struct sidtab *s, struct context *context,
 		++count;
 	}
 
+	/* bail out if we already reached max entries */
+	rc = -EOVERFLOW;
+	if (count >= SIDTAB_MAX)
+		goto out_unlock;
+
 	/* insert context into new entry */
 	rc = -ENOMEM;
 	dst = sidtab_do_lookup(s, count, 1);
author	Ondrej Mosnacek <omosnace@redhat.com>	2019-07-23 08:50:59 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-07-31 07:24:58 +0200
commit	117d3b1d5e3150064b5c83db8eb879f950cb7e05 (patch)
tree	3a29890e6551626c13672e302cf01edfbff78a9b /security
parent	e459c059b044f8f91c43eb0612e98e85a73a1c41 (diff)
download	linux-rt-117d3b1d5e3150064b5c83db8eb879f950cb7e05.tar.gz