Commit e2c8c1b6 authored by John Johansen's avatar John Johansen Committed by Kamal Mostafa

UBUNTU: SAUCE: apparmor: Add missing id bounds check on dfa verification

BugLink: http://bugs.launchpad.net/bugs/1615882Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
Acked-by: default avatarTim Gardner <tim.gardner@canonical.com>
Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
parent 1bb0cbd1
......@@ -62,6 +62,7 @@ struct table_set_header {
#define YYTD_ID_ACCEPT2 6
#define YYTD_ID_NXT 7
#define YYTD_ID_TSIZE 8
#define YYTD_ID_MAX 8
#define YYTD_DATA8 1
#define YYTD_DATA16 2
......
......@@ -74,6 +74,8 @@ static struct table_header *unpack_table(char *blob, size_t bsize)
* it every time we use td_id as an index
*/
th.td_id = be16_to_cpu(*(u16 *) (blob)) - 1;
if (th.td_id > YYTD_ID_MAX)
goto out;
th.td_flags = be16_to_cpu(*(u16 *) (blob + 2));
th.td_lolen = be32_to_cpu(*(u32 *) (blob + 8));
blob += sizeof(struct table_header);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment