From 45e5421eb5bbcd9efa037d682dd357284e3ef982 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 7 Nov 2007 10:08:00 -0500
Subject: SELinux: add more validity checks on policy load

Add more validity checks at policy load time to reject malformed
policies and prevent subsequent out-of-range indexing when in permissive
mode.  Resolves the NULL pointer dereference reported in
https://bugzilla.redhat.com/show_bug.cgi?id=357541.

Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
---
 security/selinux/ss/mls.h | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'security/selinux/ss/mls.h')

diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
index 096d1b4ef7fb..ab53663d9f5f 100644
--- a/security/selinux/ss/mls.h
+++ b/security/selinux/ss/mls.h
@@ -27,6 +27,8 @@
 int mls_compute_context_len(struct context *context);
 void mls_sid_to_context(struct context *context, char **scontext);
 int mls_context_isvalid(struct policydb *p, struct context *c);
+int mls_range_isvalid(struct policydb *p, struct mls_range *r);
+int mls_level_isvalid(struct policydb *p, struct mls_level *l);
 
 int mls_context_to_sid(char oldc,
 	               char **scontext,
-- 
cgit