68 lines
2.6 KiB
Diff
68 lines
2.6 KiB
Diff
From 8fdb3eb2725040a81e8a600cf6edd3ff4d93c81f Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
|
Date: Thu, 9 Dec 2021 17:49:15 +0100
|
|
Subject: [PATCH] libsepol: validate MLS levels
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Validate the level map of the policy to ensure no level refers to a non
|
|
existent category.
|
|
|
|
READ of size 8 at 0x602000000c58 thread T0
|
|
#0 0x568d2c in cats_ebitmap_len ./libsepol/src/kernel_to_conf.c:1003:14
|
|
#1 0x568d2c in cats_ebitmap_to_str ./libsepol/src/kernel_to_conf.c:1038:19
|
|
#2 0x55e371 in write_level_rules_to_conf ./libsepol/src/kernel_to_conf.c:1106:11
|
|
#3 0x55e371 in write_mls_rules_to_conf ./libsepol/src/kernel_to_conf.c:1140:7
|
|
#4 0x55adb1 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3103:7
|
|
#5 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
|
|
#6 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
|
|
#7 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
|
|
#8 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
|
|
#9 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
|
|
#10 0x7f741d0d67ec in __libc_start_main csu/../csu/libc-start.c:332:16
|
|
#11 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)
|
|
|
|
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
|
|
|
Reference: https://github.com/SELinuxProject/selinux/commit/8fdb3eb2725040a81e8a600cf6edd3ff4d93c81f
|
|
Conflict: Context adaptation
|
|
---
|
|
libsepol/src/policydb_validate.c | 24 ++++++++++++++++++++++++
|
|
1 file changed, 24 insertions(+)
|
|
|
|
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
|
|
index d4dfab5cd1..03ab4445a8 100644
|
|
--- a/libsepol/src/policydb_validate.c
|
|
+++ b/libsepol/src/policydb_validate.c
|
|
@@ -294,6 +294,27 @@ bad:
|
|
return -1;
|
|
}
|
|
|
|
+static int validate_mls_level(mls_level_t *level, validate_t *sens, validate_t *cats)
|
|
+{
|
|
+ if (validate_value(level->sens, sens))
|
|
+ goto bad;
|
|
+ if (validate_ebitmap(&level->cat, cats))
|
|
+ goto bad;
|
|
+
|
|
+ return 0;
|
|
+
|
|
+ bad:
|
|
+ return -1;
|
|
+}
|
|
+
|
|
+static int validate_level_datum(__attribute__ ((unused)) hashtab_key_t k, hashtab_datum_t d, void *args)
|
|
+{
|
|
+ level_datum_t *level = d;
|
|
+ validate_t *flavors = args;
|
|
+
|
|
+ return validate_mls_level(level->level, &flavors[SYM_LEVELS], &flavors[SYM_CATS]);
|
|
+}
|
|
+
|
|
static int validate_mls_range(mls_range_t *range, validate_t *sens, validate_t *cats)
|
|
{
|
|
if (validate_mls_level(&range->level[0], sens, cats))
|
|
--
|
|
2.33.0
|