selinux: Add boundary check in put_entry()
authorXiu Jianfeng <xiujianfeng@huawei.com>
Tue, 14 Jun 2022 02:14:49 +0000 (10:14 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 25 Aug 2022 09:17:32 +0000 (11:17 +0200)
[ Upstream commit 3f2823a0293e5a5528bb2f2cfbed316ad521b2ff ]

Just like in next_entry(), a boundary check is necessary to prevent
out-of-bounds memory access.

Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
security/selinux/ss/policydb.h

index 162d0e79b85b369d39418d80a196215ce85a106a..b18bc405f8203339722862c0a8dc067c121b0e32 100644 (file)
@@ -356,6 +356,8 @@ static inline int put_entry(const void *buf, size_t bytes, int num, struct polic
 {
        size_t len = bytes * num;
 
+       if (len > fp->len)
+               return -EINVAL;
        memcpy(fp->data, buf, len);
        fp->data += len;
        fp->len -= len;
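Review bot: The added `len > fp->len` guard relies on `len`, but `size_t len = bytes * num;` at the top of put_entry() is still an unchecked multiplication, and `num` is a signed `int`. A negative `num` converts to a very large size_t, and the product can wrap to a small value that passes the new check, so the function would copy a length that does not match what the caller asked for instead of failing. Consider declaring `size_t len;` without an initializer and rejecting bad inputs before the bounds check, e.g. `if (num < 0 || check_mul_overflow(bytes, (size_t)num, &len)) return -EINVAL;`. The callers are not visible here, so whether any path can supply such values is unconfirmed; the function's tail also lies outside this hunk.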