From 9f92ded9df56ef4eabeae6550ae4d1fd8b2937d0 Mon Sep 17 00:00:00 2001
From: "kfraser@localhost.localdomain" <kfraser@localhost.localdomain>
Date: Mon, 23 Jul 2007 09:56:49 +0100
Subject: [PATCH] [ACM] Check boundary conditions of passed parameters before
 accessing an array with them. Signed-off-by: Stefan Berger
 <stefanb@us.ibm.com>

---
 xen/acm/acm_simple_type_enforcement_hooks.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/xen/acm/acm_simple_type_enforcement_hooks.c b/xen/acm/acm_simple_type_enforcement_hooks.c
index 1f8dde3744..1e078e3347 100644
--- a/xen/acm/acm_simple_type_enforcement_hooks.c
+++ b/xen/acm/acm_simple_type_enforcement_hooks.c
@@ -40,13 +40,18 @@ struct ste_binary_policy ste_bin_pol;
 
 static inline int have_common_type (ssidref_t ref1, ssidref_t ref2) {
     int i;
-    for( i = 0; i< ste_bin_pol.max_types; i++ )
-        if ( ste_bin_pol.ssidrefs[ref1*ste_bin_pol.max_types + i] && 
-             ste_bin_pol.ssidrefs[ref2*ste_bin_pol.max_types + i])
-        {
-            printkd("%s: common type #%02x.\n", __func__, i);
-            return 1;
-        }
+
+    if ( ref1 >= 0 && ref1 < ste_bin_pol.max_ssidrefs &&
+         ref2 >= 0 && ref2 < ste_bin_pol.max_ssidrefs )
+    {
+        for( i = 0; i< ste_bin_pol.max_types; i++ )
+            if ( ste_bin_pol.ssidrefs[ref1*ste_bin_pol.max_types + i] &&
+                 ste_bin_pol.ssidrefs[ref2*ste_bin_pol.max_types + i])
+            {
+                printkd("%s: common type #%02x.\n", __func__, i);
+                return 1;
+            }
+    }
     return 0;
 }
 
-- 
2.30.2