selinux: avoid avtab overflows

Prevent inserting more than the supported U32_MAX number of entries. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Christian Göttsche <cgzones@googlemail.com> 2023-07-06 15:23:18 +0200
committer: Paul Moore <paul@paul-moore.com> 2023-07-18 18:29:47 -0400
commit: f785c54101e01f8e5f84464f8755671246b13794 (patch)
tree: f31b147728bdfd2e15f6bbbe4ca3133d5dd260ea /security/selinux
parent: bbea03f474850b3bce329aa3b990b1a4853136f0 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index 6766edc0fe68..7d21de48c28d 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -110,7 +110,7 @@ static int avtab_insert(struct avtab *h, const struct avtab_key *key,
 	struct avtab_node *prev, *cur, *newnode;
 	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
 
-	if (!h || !h->nslot)
+	if (!h || !h->nslot || h->nel == U32_MAX)
 		return -EINVAL;
 
 	hvalue = avtab_hash(key, h->mask);
@@ -156,7 +156,7 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h,
 	struct avtab_node *prev, *cur;
 	u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
 
-	if (!h || !h->nslot)
+	if (!h || !h->nslot || h->nel == U32_MAX)
 		return NULL;
 	hvalue = avtab_hash(key, h->mask);
 	for (prev = NULL, cur = h->htable[hvalue];
author	Christian Göttsche <cgzones@googlemail.com>	2023-07-06 15:23:18 +0200
committer	Paul Moore <paul@paul-moore.com>	2023-07-18 18:29:47 -0400
commit	f785c54101e01f8e5f84464f8755671246b13794 (patch)
tree	f31b147728bdfd2e15f6bbbe4ca3133d5dd260ea /security/selinux
parent	bbea03f474850b3bce329aa3b990b1a4853136f0 (diff)