libselinux: avoid regex serialization truncations

Check (for the probably impossible) case the serialized data is longer
than the compiled fcontext format supports.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
Christian Göttsche 2023-08-09 19:55:17 +02:00 committed by James Carter
parent f1a8afc272
commit 4eea9948d3

@ -176,7 +176,7 @@ int regex_writef(struct regex_data *regex, FILE *fp, int do_write_precompregex)
/* encode the pattern for serialization */
rc = pcre2_serialize_encode((const pcre2_code **)&regex->regex,
1, &bytes, &serialized_size, NULL);
if (rc != 1) {
if (rc != 1 || serialized_size >= UINT32_MAX) {
rc = -1;
goto out;
}
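
Review bot: The new bound in `if (rc != 1 || serialized_size >= UINT32_MAX)` also rejects a size of exactly UINT32_MAX, which would still fit in a 32-bit length field. If that value is deliberately excluded, a short comment saying so would help; otherwise `>` is the exact check for the truncation the commit message describes. The existing comment above the call only mentions encoding, so a one-line note that the limit comes from the compiled fcontext format would spare the next reader from working out why a size is compared against UINT32_MAX. The branch now also runs when `pcre2_serialize_encode` has succeeded (rc == 1) and filled `bytes`, so it is worth confirming that the `out` label releases that buffer. Finally, both failure causes collapse to `rc = -1`, so callers cannot tell an encode failure from an oversized pattern; a log message on the size path would make this "probably impossible" case diagnosable if it ever occurs.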