libsepol: fix invalid access of NULL on type_val_to_struct

In type_set_expand:
When nprim, the table index counter, is greater than the value of initizalized
entries in the type_val_to_struct[] array, detect this as invalid
and return an error.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
This commit is contained in:
William Roberts 2016-08-16 10:28:31 -07:00 committed by James Carter
parent 58e0c3207f
commit 8b4ad4fde5

View File

@ -2514,6 +2514,10 @@ int type_set_expand(type_set_t * set, ebitmap_t * t, policydb_t * p,
if (i > p->p_types.nprim - 1)
goto err_types;
if (!p->type_val_to_struct[i]) {
goto err_types;
}
if (p->type_val_to_struct[i]->flavor ==
TYPE_ATTRIB) {
if (ebitmap_union