selinux: check sidtab limit before adding a new entry

We need to error out when trying to add an entry above SIDTAB_MAX in
sidtab_reverse_lookup() to avoid overflow on the odd chance that this
happens.

Cc: [email protected]
Fixes: ee1a84fdfeed ("selinux: overhaul sidtab to fix bug and improve performance")
Signed-off-by: Ondrej Mosnacek <[email protected]>
Reviewed-by: Kees Cook <[email protected]>
Signed-off-by: Paul Moore <[email protected]>

diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
index e63a90ff27285fdd885240d03ea720dd9972d063..1f0a6eaa2d6a139188b88803aa43c8c9eb445792 100644 (file)
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -286,6 +286,11 @@ static int sidtab_reverse_lookup(struct sidtab *s, struct context *context,
                ++count;
        }
 
+       /* bail out if we already reached max entries */
+       rc = -EOVERFLOW;
+       if (count >= SIDTAB_MAX)
+               goto out_unlock;
+
        /* insert context into new entry */
        rc = -ENOMEM;
        dst = sidtab_do_lookup(s, count, 1);