aboutsummaryrefslogtreecommitdiffstats
path: root/libselinux/src
diff options
context:
space:
mode:
Diffstat (limited to 'libselinux/src')
-rw-r--r--libselinux/src/label_file.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index b3e56713..c722f299 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -325,6 +325,8 @@ static int load_mmap(struct selabel_handle *rec, const char *path, struct stat *
addr += sizeof(uint32_t);
if (memcmp((char *)addr, pcre_version(), len))
return -1; /* pcre version content mismatch */
+ if (addr + *plen >= (char *)mmap_area->addr + mmap_area->len)
+ return -1; /* Buffer over-run */
addr += *plen;
}
@@ -390,11 +392,15 @@ static int load_mmap(struct selabel_handle *rec, const char *path, struct stat *
if (!spec->lr.ctx_raw)
goto err;
+ if (addr + *plen >= (char *)mmap_area->addr + mmap_area->len)
+ return -1;
addr += *plen;
plen = (uint32_t *)addr;
addr += sizeof(uint32_t);
spec->regex_str = (char *)addr;
+ if (addr + *plen >= (char *)mmap_area->addr + mmap_area->len)
+ return -1;
addr += *plen;
spec->mode = *(mode_t *)addr;
@@ -415,12 +421,16 @@ static int load_mmap(struct selabel_handle *rec, const char *path, struct stat *
plen = (uint32_t *)addr;
addr += sizeof(uint32_t);
spec->regex = (pcre *)addr;
+ if (addr + *plen >= (char *)mmap_area->addr + mmap_area->len)
+ return -1;
addr += *plen;
plen = (uint32_t *)addr;
addr += sizeof(uint32_t);
spec->lsd.study_data = (void *)addr;
spec->lsd.flags |= PCRE_EXTRA_STUDY_DATA;
+ if (addr + *plen >= (char *)mmap_area->addr + mmap_area->len)
+ return -1;
addr += *plen;
data->nspec++;
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-14 23:37:07 +0000