]> err.no Git - linux-2.6/commit
SELinux: add more validity checks on policy load
authorStephen Smalley <sds@tycho.nsa.gov>
Wed, 7 Nov 2007 15:08:00 +0000 (10:08 -0500)
committerJames Morris <jmorris@namei.org>
Wed, 7 Nov 2007 21:56:23 +0000 (08:56 +1100)
commit45e5421eb5bbcd9efa037d682dd357284e3ef982
treeceb24143024fe335d08ac30fb4da9ca25fbeb6e6
parent6d2b685564ba417f4c6d80c3661f0dfee13fff85
SELinux: add more validity checks on policy load

Add more validity checks at policy load time to reject malformed
policies and prevent subsequent out-of-range indexing when in permissive
mode.  Resolves the NULL pointer dereference reported in
https://bugzilla.redhat.com/show_bug.cgi?id=357541.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
security/selinux/ss/avtab.c
security/selinux/ss/avtab.h
security/selinux/ss/conditional.c
security/selinux/ss/mls.c
security/selinux/ss/mls.h
security/selinux/ss/policydb.c
security/selinux/ss/policydb.h