[v1] libsepol: add check for category value before printing

Commit Message

Huaxin Lu Nov. 13, 2023, 11:27 p.m. UTC

From: Huaxin Lu <luhuaxin1@huawei.com>

In mls_semantic_level_expand(), there is a explicitly determine
whether category is 0, which may cause an potential integer
overflow in error branch.

Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
---
 libsepol/src/expand.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

James Carter Nov. 14, 2023, 8:39 p.m. UTC | #1

On Mon, Nov 13, 2023 at 8:59 PM <luhuaxin1@huawei.com> wrote:
>
> From: Huaxin Lu <luhuaxin1@huawei.com>
>
> In mls_semantic_level_expand(), there is a explicitly determine
> whether category is 0, which may cause an potential integer
> overflow in error branch.
>
> Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
> ---
>  libsepol/src/expand.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
> index ee5f9185..9ed22bfd 100644
> --- a/libsepol/src/expand.c
> +++ b/libsepol/src/expand.c
> @@ -945,8 +945,8 @@ int mls_semantic_level_expand(mls_semantic_level_t * sl, mls_level_t * l,
>         for (cat = sl->cat; cat; cat = cat->next) {
>                 if (!cat->low || cat->low > cat->high) {
>                         ERR(h, "Category range is not valid %s.%s",
> -                           p->p_cat_val_to_name[cat->low - 1],
> -                           p->p_cat_val_to_name[cat->high - 1]);
> +                           cat->low > 0 ? p->p_cat_val_to_name[cat->low - 1] : "n/a",
> +                           cat->high > 0 ? p->p_cat_val_to_name[cat->high - 1] : "n/a");

I would prefer "Invalid", "Bad Category", "NULL", or something along
those lines instead of "n/a".
Thanks,
Jim


>                         return -1;
>                 }
>                 for (i = cat->low - 1; i < cat->high; i++) {
> --
> 2.33.0
>

Patch

diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index ee5f9185..9ed22bfd 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -945,8 +945,8 @@  int mls_semantic_level_expand(mls_semantic_level_t * sl, mls_level_t * l,
 	for (cat = sl->cat; cat; cat = cat->next) {
 		if (!cat->low || cat->low > cat->high) {
 			ERR(h, "Category range is not valid %s.%s",
-			    p->p_cat_val_to_name[cat->low - 1],
-			    p->p_cat_val_to_name[cat->high - 1]);
+			    cat->low > 0 ? p->p_cat_val_to_name[cat->low - 1] : "n/a",
+			    cat->high > 0 ? p->p_cat_val_to_name[cat->high - 1] : "n/a");
 			return -1;
 		}
 		for (i = cat->low - 1; i < cat->high; i++) {