From 94df3f7d24935d12ab96d095fca3c4ed2ad3155c Mon Sep 17 00:00:00 2001
From: Joshua Brindle
Date: Fri, 3 Jun 2016 11:17:56 -0400
Subject: [PATCH] Correctly detect unknown classes in sepol_string_to_security_class

Bail before running off the end of the class index

Change-Id: I47c4eaac3c7d789f8d85047e34e37e3f0bb38b3a
Signed-off-by: Joshua Brindle
---
 libsepol/src/services.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libsepol/src/services.c b/libsepol/src/services.c
index d64a8e8d..665fcaa5 100644
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@@ -1155,7 +1155,7 @@ int hidden sepol_string_to_security_class(const char *class_name,
 char *class = NULL;
 sepol_security_class_t id;
- for (id = 1;; id++) {
+ for (id = 1; id <= policydb->p_classes.nprim; id++) {
 class = policydb->p_class_val_to_name[id - 1];
 if (class == NULL) {
 ERR(NULL, "could not convert %s to class id", class_name);
@@ -1166,6 +1166,8 @@ int hidden sepol_string_to_security_class(const char *class_name,
 return STATUS_SUCCESS;
 }
 }
+ ERR(NULL, "unrecognized class %s", class_name);
+ return -EINVAL;
 }
 /*
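Review bot: The new bound in `for (id = 1; id <= policydb->p_classes.nprim; id++)` is only effective if `id` can actually exceed `nprim`. The typedef of `sepol_security_class_t` and the type of `nprim` are declared outside this hunk; if the counter is the narrower of the two, a loaded policy whose class count reaches the counter's maximum makes the condition always true, `id` wraps to 0, and `id - 1` then indexes before `p_class_val_to_name`. Iterating with an index of `nprim`'s own type would close that gap, e.g. `for (uint32_t i = 0; i < policydb->p_classes.nprim; i++)` with `class = policydb->p_class_val_to_name[i];`, deriving the class id from `i + 1` on a match. Alternatively, reject an oversized `nprim` before the loop. The function body starts before this hunk and continues past it.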
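Review bot: The added fall-through path returns `-EINVAL`, while the success path just above it returns `STATUS_SUCCESS`, so the function now mixes an errno-style value with the module's status codes. The in-loop failure branch returns outside this hunk; if it uses `STATUS_ERR`, callers that compare against that constant will not recognise the new failure, and `return STATUS_ERR;` here would keep every failure path uniform. If the errno value is intentional, a one-line comment such as `/* no class named class_name among the nprim classes in this policy */` and a note in the function's header comment on the possible return values would make the contract explicit.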