SELinux: add more validity checks on policy load Add more validity checks at policy load time to reject malformed policies and prevent subsequent out-of-range indexing when in permissive mode. Resolves the NULL pointer dereference reported in https://bugzilla.redhat.com/show_bug.cgi?id=357541. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>

commit: 45e5421eb5bbcd9efa037d682dd357284e3ef982 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Wed Nov 07 10:08:00 2007 -0500
committer: James Morris <jmorris@namei.org> Thu Nov 08 08:56:23 2007 +1100
tree: ceb24143024fe335d08ac30fb4da9ca25fbeb6e6
parent: 6d2b685564ba417f4c6d80c3661f0dfee13fff85 [diff] [blame]
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
index 096d1b4..ab53663 100644
--- a/security/selinux/ss/mls.h
+++ b/security/selinux/ss/mls.h

@@ -27,6 +27,8 @@
 int mls_compute_context_len(struct context *context);
 void mls_sid_to_context(struct context *context, char **scontext);
 int mls_context_isvalid(struct policydb *p, struct context *c);
+int mls_range_isvalid(struct policydb *p, struct mls_range *r);
+int mls_level_isvalid(struct policydb *p, struct mls_level *l);
 
 int mls_context_to_sid(char oldc,
 	               char **scontext,
commit	45e5421eb5bbcd9efa037d682dd357284e3ef982	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Wed Nov 07 10:08:00 2007 -0500
committer	James Morris <jmorris@namei.org>	Thu Nov 08 08:56:23 2007 +1100
tree	ceb24143024fe335d08ac30fb4da9ca25fbeb6e6
parent	6d2b685564ba417f4c6d80c3661f0dfee13fff85 [diff] [blame]