[PATCH 03/11] hornet: fix off-by-one bug in max used maps check
Blaise Boscaccy
bboscaccy at linux.microsoft.com
Thu May 28 03:08:12 UTC 2026
Sashiko correctly reported an off-by-one logic error checking against
the maximum number of used maps. Removing the index constraint allows
us to simplify the check logic.
Signed-off-by: Blaise Boscaccy <bboscaccy at linux.microsoft.com>
---
security/hornet/hornet_lsm.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/security/hornet/hornet_lsm.c b/security/hornet/hornet_lsm.c
index 35d9522d6bc72..eeb422db1092d 100644
--- a/security/hornet/hornet_lsm.c
+++ b/security/hornet/hornet_lsm.c
@@ -49,8 +49,7 @@ int hornet_next_map(void *context, size_t hdrlen,
{
struct hornet_parse_context *ctx = (struct hornet_parse_context *)context;
- if (++ctx->security->signed_hash_count >= MAX_USED_MAPS)
- return -EINVAL;
+ ctx->security->signed_hash_count++;
return 0;
}
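Review bot: the unconditional `ctx->security->signed_hash_count++` in hornet_next_map now has no upper bound of its own, so the counter can reach or pass MAX_USED_MAPS before anything rejects the input. The only limit visible in this patch is the one added in hornet_map_hash, which protects that function's memcpy but not any other code that uses signed_hash_count as a loop limit or as an index into signed_hashes. Either keep a corrected check here after the increment, such as `if (ctx->security->signed_hash_count > MAX_USED_MAPS) return -EINVAL;`, or add a comment stating that the count may equal MAX_USED_MAPS on return and that hornet_map_hash is the only place that writes through it.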
@@ -63,6 +62,8 @@ int hornet_map_hash(void *context, size_t hdrlen,
if (vlen != SHA256_DIGEST_SIZE && vlen != 0)
return -EINVAL;
+ if (ctx->security->signed_hash_count >= MAX_USED_MAPS)
+ return -EINVAL;
memcpy(&ctx->security->signed_hashes[ctx->security->signed_hash_count * SHA256_DIGEST_SIZE],
value, vlen);
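Review bot: the added `signed_hash_count >= MAX_USED_MAPS` test in front of the memcpy is only a correct bound if signed_hashes holds at least MAX_USED_MAPS * SHA256_DIGEST_SIZE bytes, and that declaration is not part of this hunk. Please tie the two together, either by deriving the limit from the buffer size in the check or by a build-time assertion next to the struct definition, so a later change to one cannot silently reopen the overflow. Note also that the `vlen == 0` case still reaches this check and the memcpy, so an empty hash at the limit is rejected and an empty hash below the limit leaves the slot unwritten; a short comment saying whether both are intended would help.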
--
2.53.0