libsepol: validate: check low category is not bigger than high

Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>
2025-01-02 03:32:13 +00:00 · 2023-05-12 11:29:59 +02:00 · 2023-05-12 11:29:59 +02:00 · ac015a3996
commit ac015a3996
parent 4cf37608b5
1 changed files with 2 additions and 0 deletions
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@ -545,6 +545,8 @@ static int validate_mls_semantic_cat(const mls_semantic_cat_t *cat, const valida
 			goto bad;
 		if (validate_value(cat->high, cats))
 			goto bad;
+		if (cat->low > cat->high)
+			goto bad;
 	}

 	return 0;