SELinux: add more validity checks on policy load Add more validity checks at policy load time to reject malformed policies and prevent subsequent out-of-range indexing when in permissive mode. Resolves the NULL pointer dereference reported in https://bugzilla.redhat.com/show_bug.cgi?id=357541. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>

commit: 45e5421eb5bbcd9efa037d682dd357284e3ef982 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Wed Nov 07 10:08:00 2007 -0500
committer: James Morris <jmorris@namei.org> Thu Nov 08 08:56:23 2007 +1100
tree: ceb24143024fe335d08ac30fb4da9ca25fbeb6e6
parent: 6d2b685564ba417f4c6d80c3661f0dfee13fff85 [diff] [blame]
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 844d310..ed6fc68 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h

@@ -251,6 +251,9 @@
 extern void policydb_destroy(struct policydb *p);
 extern int policydb_load_isids(struct policydb *p, struct sidtab *s);
 extern int policydb_context_isvalid(struct policydb *p, struct context *c);
+extern int policydb_class_isvalid(struct policydb *p, unsigned int class);
+extern int policydb_type_isvalid(struct policydb *p, unsigned int type);
+extern int policydb_role_isvalid(struct policydb *p, unsigned int role);
 extern int policydb_read(struct policydb *p, void *fp);
 
 #define PERM_SYMTAB_SIZE 32
commit	45e5421eb5bbcd9efa037d682dd357284e3ef982	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Wed Nov 07 10:08:00 2007 -0500
committer	James Morris <jmorris@namei.org>	Thu Nov 08 08:56:23 2007 +1100
tree	ceb24143024fe335d08ac30fb4da9ca25fbeb6e6
parent	6d2b685564ba417f4c6d80c3661f0dfee13fff85 [diff] [blame]