[ACM] Check boundary conditions of passed parameters before accessing

an array with them.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>

diff --git a/xen/acm/acm_simple_type_enforcement_hooks.c b/xen/acm/acm_simple_type_enforcement_hooks.c
index 1f8dde37441343c910e9a73837c85f4559d05f37..1e078e334779e5eaed43af8c508abec219138a5e 100644 (file)
--- a/xen/acm/acm_simple_type_enforcement_hooks.c
+++ b/xen/acm/acm_simple_type_enforcement_hooks.c
@@ -40,13 +40,18 @@ struct ste_binary_policy ste_bin_pol;
 
 static inline int have_common_type (ssidref_t ref1, ssidref_t ref2) {
     int i;
-    for( i = 0; i< ste_bin_pol.max_types; i++ )
-        if ( ste_bin_pol.ssidrefs[ref1*ste_bin_pol.max_types + i] && 
-             ste_bin_pol.ssidrefs[ref2*ste_bin_pol.max_types + i])
-        {
-            printkd("%s: common type #%02x.\n", __func__, i);
-            return 1;
-        }
+
+    if ( ref1 >= 0 && ref1 < ste_bin_pol.max_ssidrefs &&
+         ref2 >= 0 && ref2 < ste_bin_pol.max_ssidrefs )
+    {
+        for( i = 0; i< ste_bin_pol.max_types; i++ )
+            if ( ste_bin_pol.ssidrefs[ref1*ste_bin_pol.max_types + i] &&
+                 ste_bin_pol.ssidrefs[ref2*ste_bin_pol.max_types + i])
+            {
+                printkd("%s: common type #%02x.\n", __func__, i);
+                return 1;
+            }
+    }
     return 0;
 }