diff options
author | Paul Moore | 2019-02-26 01:06:06 +0100 |
---|---|---|
committer | Greg Kroah-Hartman | 2019-03-10 07:17:18 +0100 |
commit | e3713abc4248aa6bcc11173d754c418b02a62cbb (patch) | |
tree | 73884e3d9526f6b98f88b1b79dd307fe70a089a7 /net/netlabel | |
parent | net: dsa: mv88e6xxx: Fix u64 statistics (diff) | |
download | kernel-qcow2-linux-e3713abc4248aa6bcc11173d754c418b02a62cbb.tar.gz kernel-qcow2-linux-e3713abc4248aa6bcc11173d754c418b02a62cbb.tar.xz kernel-qcow2-linux-e3713abc4248aa6bcc11173d754c418b02a62cbb.zip |
netlabel: fix out-of-bounds memory accesses
[ Upstream commit 5578de4834fe0f2a34fedc7374be691443396d1f ]
There are two array out-of-bounds memory accesses, one in
cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both
errors are embarassingly simple, and the fixes are straightforward.
As a FYI for anyone backporting this patch to kernels prior to v4.8,
you'll want to apply the netlbl_bitmap_walk() patch to
cipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before
Linux v4.8.
Reported-by: Jann Horn <jannh@google.com>
Fixes: 446fda4f2682 ("[NetLabel]: CIPSOv4 engine")
Fixes: 3faa8f982f95 ("netlabel: Move bitmap manipulation functions to the NetLabel core.")
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/netlabel')
-rw-r--r-- | net/netlabel/netlabel_kapi.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c index ea7c67050792..ee3e5b6471a6 100644 --- a/net/netlabel/netlabel_kapi.c +++ b/net/netlabel/netlabel_kapi.c @@ -903,7 +903,8 @@ int netlbl_bitmap_walk(const unsigned char *bitmap, u32 bitmap_len, (state == 0 && (byte & bitmask) == 0)) return bit_spot; - bit_spot++; + if (++bit_spot >= bitmap_len) + return -1; bitmask >>= 1; if (bitmask == 0) { byte = bitmap[++byte_offset]; |