From f9fd25005f815d996c4344967a8ad13dee853303 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Wed, 1 Nov 2023 17:37:25 +0100
Subject: [PATCH] libsepol: avtab: check read counts for saturation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
 
Ensure counts are not set to the maximum value of their type.
Also limit their size during fuzzing to prevent OOM reports.
 
Reported-by: oss-fuzz (issue 60572), caused at the time by the filetrans
             prefix proposal
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
 
Reference: https://github.com/SELinuxProject/selinux/commit/f9fd25005f815d996c4344967a8ad13dee853303
Conflict: NA
---
 libsepol/src/avtab.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 
diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c
index 1ef5ee00..7c2328b7 100644
--- a/libsepol/src/avtab.c
+++ b/libsepol/src/avtab.c
@@ -600,7 +600,7 @@ int avtab_read(avtab_t * a, struct policy_file *fp, uint32_t vers)
 		goto bad;
 	}
 	nel = le32_to_cpu(buf[0]);
-	if (!nel) {
+	if (zero_or_saturated(nel)) {
 		ERR(fp->handle, "table is empty");
 		goto bad;
 	}
-- 
2.33.0