[PATCH v7 2/7] security: policy: sanity check parameters

Fabian Pflug f.pflug at pengutronix.de
Fri Mar 27 06:35:00 PDT 2026


Sanity check the option passed to __is_allowed() before using it as an
array index.

Also fix the off-by-one error in the bounds check in is_allowed().

Signed-off-by: Fabian Pflug <f.pflug at pengutronix.de>
---
 commands/sconfig.c | 7 ++++++-
 security/policy.c  | 4 +++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/commands/sconfig.c b/commands/sconfig.c
index 02c3a6b1ed..3ca4478270 100644
--- a/commands/sconfig.c
+++ b/commands/sconfig.c
@@ -37,7 +37,12 @@ static void sconfig_print(const struct security_policy *policy)
 static int sconfig_command_notify(struct notifier_block *nb,
 				  unsigned long opt, void *unused)
 {
-	bool allow = is_allowed(NULL, opt);
+	bool allow;
+
+	if (opt >= SCONFIG_NUM)
+		return 0;
+
+	allow = is_allowed(NULL, opt);
 
 	printf("%s%s%s%s\n", allow ? green : red, allow ? "+" : "-", nc,
 	       sconfig_names[opt]);
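Review bot: The new guard at `if (opt >= SCONFIG_NUM) return 0;` drops an out-of-range notifier value silently, whereas the same condition in is_allowed() is wrapped in WARN(); since this guard now runs first, the WARN in policy.c can no longer fire for this path and a bogus option goes unnoticed. Keeping the two consistent is a one-line change: `if (WARN(opt >= SCONFIG_NUM)) return 0;`. The guard does correctly cover the `sconfig_names[opt]` index on the last line of the hunk as well, so the bounds check itself is sufficient. Whether `0` is the right status for the notifier chain to return on a skipped option is not visible from this hunk.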
diff --git a/security/policy.c b/security/policy.c
index 85333d9e6f..bdfc480500 100644
--- a/security/policy.c
+++ b/security/policy.c
@@ -52,6 +52,8 @@ static bool __is_allowed(const struct security_policy *policy, unsigned option)
 {
 	if (!policy)
 		return true;
+	if (WARN(option >= SCONFIG_NUM))
+		return false;
 
 	return policy->policy[option];
 }
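Review bot: The bounds check is placed after `if (!policy) return true;`, so __is_allowed() still answers "allowed" for any out-of-range option as long as policy is NULL, and no WARN is emitted in that case. For a "sanity check parameters" change it seems preferable to fail closed on a malformed option regardless of the policy pointer, i.e. swap the two checks: `if (WARN(option >= SCONFIG_NUM)) return false;` first, then `if (!policy) return true;`. The hunk does not show whether any caller other than is_allowed() reaches __is_allowed() with a NULL policy, so this may be purely defense in depth.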
@@ -60,7 +62,7 @@ bool is_allowed(const struct security_policy *policy, unsigned option)
 {
 	policy = policy ?: active_policy;
 
-	if (WARN(option > SCONFIG_NUM))
+	if (WARN(option >= SCONFIG_NUM))
 		return false;
 
 	if (!policy && *CONFIG_SECURITY_POLICY_INIT) {
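Review bot: The corrected check `if (WARN(option >= SCONFIG_NUM))` fires with a stack dump but no indication of which option was rejected, which makes the warning hard to act on when it shows up in a boot log. If barebox's WARN() accepts a format string as in Linux, `WARN(option >= SCONFIG_NUM, "invalid security option %u\n", option)` would make the diagnostic self-explanatory; the same applies to the new check in __is_allowed(). The body of is_allowed() continues past the end of this hunk.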

-- 
2.47.3



