apparmor: check that xindex is in trans_table bounds

Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
2016-03-17 12:02:54 -07:00
parent f7da2de011
commit 23ca7b640b
1 changed files with 1 additions and 1 deletions
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@ -676,7 +676,7 @@ static bool verify_xindex(int xindex, int table_size)
 	int index, xtype;
 	xtype = xindex & AA_X_TYPE_MASK;
 	index = xindex & AA_X_INDEX_MASK;
-	if (xtype == AA_X_TABLE && index > table_size)
+	if (xtype == AA_X_TABLE && index >= table_size)
 		return 0;
 	return 1;
 }