Message ID | 20220222134956.30277-1-cgzones@googlemail.com |
---|---|
State | Accepted |
Commit | 2d35696db33f |
Series | libsepol: NULL pointer offset fix |
On Tue, Feb 22, 2022 at 10:36 AM Christian Göttsche <cgzones@googlemail.com> wrote: > > On the first loop iteration the variables `r_buf` and `reason_buf_used` > are NULL respective 0. Please UBSAN by not adding them but instead > directly assign NULL. > > services.c:800:16: runtime error: applying zero offset to null pointer > #0 0x4d4fce in constraint_expr_eval_reason ./libsepol/src/services.c:800:16 > #1 0x4cf31a in sepol_validate_transition_reason_buffer ./libsepol/src/services.c:1079:8 > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > libsepol/src/services.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libsepol/src/services.c b/libsepol/src/services.c > index 7becfd1b..29723729 100644 > --- a/libsepol/src/services.c > +++ b/libsepol/src/services.c > @@ -797,7 +797,7 @@ mls_ops: > > for (x = 0; buffers[x] != NULL; x++) { > while (1) { > - p = *r_buf + reason_buf_used; > + p = *r_buf ? (*r_buf + reason_buf_used) : NULL; > len = snprintf(p, reason_buf_len - reason_buf_used, > "%s", buffers[x]); > if (len < 0 || len >= reason_buf_len - reason_buf_used) { > -- > 2.35.1 >
On Mon, Feb 28, 2022 at 4:54 PM James Carter <jwcart2@gmail.com> wrote: > > On Tue, Feb 22, 2022 at 10:36 AM Christian Göttsche > <cgzones@googlemail.com> wrote: > > > > On the first loop iteration the variables `r_buf` and `reason_buf_used` > > are NULL respective 0. Please UBSAN by not adding them but instead > > directly assign NULL. > > > > services.c:800:16: runtime error: applying zero offset to null pointer > > #0 0x4d4fce in constraint_expr_eval_reason ./libsepol/src/services.c:800:16 > > #1 0x4cf31a in sepol_validate_transition_reason_buffer ./libsepol/src/services.c:1079:8 > > > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > > Acked-by: James Carter <jwcart2@gmail.com> > Merged. Thanks, Jim > > --- > > libsepol/src/services.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libsepol/src/services.c b/libsepol/src/services.c > > index 7becfd1b..29723729 100644 > > --- a/libsepol/src/services.c > > +++ b/libsepol/src/services.c > > @@ -797,7 +797,7 @@ mls_ops: > > > > for (x = 0; buffers[x] != NULL; x++) { > > while (1) { > > - p = *r_buf + reason_buf_used; > > + p = *r_buf ? (*r_buf + reason_buf_used) : NULL; > > len = snprintf(p, reason_buf_len - reason_buf_used, > > "%s", buffers[x]); > > if (len < 0 || len >= reason_buf_len - reason_buf_used) { > > -- > > 2.35.1 > >
diff --git a/libsepol/src/services.c b/libsepol/src/services.c index 7becfd1b..29723729 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -797,7 +797,7 @@ mls_ops: for (x = 0; buffers[x] != NULL; x++) { while (1) { - p = *r_buf + reason_buf_used; + p = *r_buf ? (*r_buf + reason_buf_used) : NULL; len = snprintf(p, reason_buf_len - reason_buf_used, "%s", buffers[x]); if (len < 0 || len >= reason_buf_len - reason_buf_used) {
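Review bot: the `+` line is safe in its NULL branch only if `reason_buf_len - reason_buf_used` is 0 whenever `*r_buf` is NULL, because `snprintf` with a NULL destination is well-defined solely for a zero size; the hunk does not show how `reason_buf_len` is initialised, so a short comment on that line (or an assertion that the remaining size is 0 when `*r_buf == NULL`) would document the invariant the ternary relies on. The change itself is the correct response to the sanitizer report rather than a cosmetic one: `*r_buf + reason_buf_used` with a NULL `*r_buf` is pointer arithmetic on a null pointer, which C leaves undefined even for a zero offset, so assigning NULL directly is the only portable way to express "no buffer yet".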
On the first loop iteration the variables `r_buf` and `reason_buf_used` are NULL and 0, respectively. Please UBSAN by not adding them but instead directly assign NULL.

services.c:800:16: runtime error: applying zero offset to null pointer
#0 0x4d4fce in constraint_expr_eval_reason ./libsepol/src/services.c:800:16
#1 0x4cf31a in sepol_validate_transition_reason_buffer ./libsepol/src/services.c:1079:8

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/src/services.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
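The append-and-grow loop the patch touches, rebuilt as a stand-alone routine; this is an added example, not libsepol's code. `struct reason`, `reason_append` and `join_reasons` are hypothetical names standing in for `r_buf`, `reason_buf_len`, `reason_buf_used` and the `buffers[]` loop, and the grow step is assumed to be a plain `realloc`. It uses the patched form of the pointer computation, so the first pass over an unallocated buffer is the zero-size measuring call that `snprintf` permits rather than `NULL + 0` arithmetic.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for r_buf / reason_buf_len / reason_buf_used (constructed). */
struct reason {
    char *buf;   /* NULL until something is appended */
    size_t len;  /* allocated size, 0 while buf is NULL */
    size_t used; /* bytes written, excluding the NUL */
};

/* Append s, growing the buffer as needed; 0 on success, -1 on ENOMEM. */
static int reason_append(struct reason *r, const char *s)
{
    for (;;) {
        /* Patched form: never compute NULL + 0.  With buf NULL, avail
         * is 0, so snprintf only measures, which is well defined. */
        char *p = r->buf ? (r->buf + r->used) : NULL;
        size_t avail = r->len - r->used;
        int n = snprintf(p, avail, "%s", s);
        if (n < 0)
            return -1;
        if ((size_t)n < avail) {
            r->used += (size_t)n;
            return 0;
        }
        /* Did not fit: grow to what snprintf reported and retry. */
        size_t newlen = r->used + (size_t)n + 1;
        char *nb = realloc(r->buf, newlen);
        if (!nb)
            return -1;
        r->buf = nb;
        r->len = newlen;
    }
}

/* Join a NULL-terminated list like the buffers[] loop in the patch.
 * Returns a malloc'd string (NULL for an empty list or on failure). */
static char *join_reasons(const char *const *buffers)
{
    struct reason r = { NULL, 0, 0 };
    for (size_t x = 0; buffers[x] != NULL; x++) {
        if (reason_append(&r, buffers[x]) < 0) {
            free(r.buf);
            return NULL;
        }
    }
    return r.buf;
}
```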