From patchwork Fri Nov 5 15:45:03 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Christian Göttsche
X-Patchwork-Id: 12604961
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 01/36] cifuzz: enable report-unreproducible-crashes
Date: Fri, 5 Nov 2021 16:45:03 +0100
Message-Id: <20211105154542.38434-2-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
X-Mailing-List: selinux@vger.kernel.org

Fail and report unreproducible fuzzing crashes and leaks. Such failures are probably related to some global state not properly reset in the fuzzer and can cause OSS-Fuzz to report flaky issues.

Suggested-by: Evgeny Vereshchagin
Signed-off-by: Christian Göttsche
---
 .github/workflows/cifuzz.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index 5c2233a2..b28eb71a 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml 
@@ -30,6 +30,7 @@ jobs: oss-fuzz-project-name: 'selinux' fuzz-seconds: 180 dry-run: false + report-unreproducible-crashes: true sanitizer: ${{ matrix.sanitizer }} - name: Upload Crash uses: actions/upload-artifact@v1
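
Review bot: The added `report-unreproducible-crashes: true` carries no comment, and a red run caused by it comes with an input that by definition does not reproduce. Add a one-line YAML comment next to it giving the reason from the commit message (global state not reset in the fuzzer), so that whoever triages the artifact from the following `Upload Crash` step looks for state leaking between runs rather than just re-running the input.
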
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 02/36] cifuzz: use the default runtime of 600 seconds
Date: Fri, 5 Nov 2021 16:45:04 +0100
Message-Id: <20211105154542.38434-3-cgzones@googlemail.com>
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>

The default runtime for CIFuzz[1] is 600 seconds; use it. Since GitHub pull-requests are not the main contribution workflow the number of runs should be manageable.

[1]: https://google.github.io/oss-fuzz/getting-started/continuous-integration/

Signed-off-by: Christian Göttsche
---
 .github/workflows/cifuzz.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index b28eb71a..92523db4 100644 --- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml
@@ -28,7 +28,7 @@ jobs: uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master with: oss-fuzz-project-name: 'selinux' - fuzz-seconds: 180 + fuzz-seconds: 600 dry-run: false report-unreproducible-crashes: true sanitizer: ${{ matrix.sanitizer }}
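
Review bot: Since the commit message gives 600 as the CIFuzz default, the `fuzz-seconds: 600` line could be dropped rather than restated, so the workflow keeps following the upstream default; if the explicit value stays, a comment saying it mirrors the default would help. Note also that the step runs once per `matrix.sanitizer` entry, so each entry now fuzzes for 600 seconds, and that the context line `uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master` tracks a moving branch rather than a fixed revision.
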
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 03/36] libsepol/fuzz: silence secilc-fuzzer
Date: Fri, 5 Nov 2021 16:45:05 +0100
Message-Id: <20211105154542.38434-4-cgzones@googlemail.com>
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>

Do not output CIL log messages while fuzzing, since their amount is huge, e.g. for neverallow or typebounds violations.

Signed-off-by: Christian Göttsche
---
 libsepol/fuzz/secilc-fuzzer.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libsepol/fuzz/secilc-fuzzer.c b/libsepol/fuzz/secilc-fuzzer.c index 255b3241..9a1a16de 100644 --- a/libsepol/fuzz/secilc-fuzzer.c +++ b/libsepol/fuzz/secilc-fuzzer.c @@ -8,6 +8,10 @@ #include #include +static void log_handler(__attribute__((unused)) int lvl, __attribute__((unused)) const char *msg) { + /* be quiet */ +} + int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { enum cil_log_level log_level = CIL_ERR; struct sepol_policy_file *pf = NULL;
@@ -24,6 +28,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { sepol_policydb_t *pdb = NULL; cil_set_log_level(log_level); + cil_set_log_handler(log_handler); cil_db_init(&db); cil_set_disable_dontaudit(db, disable_dontaudit);
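
Review bot: The no-op `log_handler` installed by `cil_set_log_handler(log_handler)` discards every message, including the `CIL_ERR` ones that `cil_set_log_level(log_level)` on the line above still selects, so replaying a saved crash input locally yields no CIL diagnostics at all. Consider making the silent handler conditional on an opt-in being absent (an environment variable or a compile-time define), and expand the `/* be quiet */` comment to say that the volume of neverallow and typebounds messages is the reason.
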
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 04/36] libsepol: add libfuzz based fuzzer for reading binary policies
Date: Fri, 5 Nov 2021 16:45:06 +0100
Message-Id: <20211105154542.38434-5-cgzones@googlemail.com>
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>

Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script.

[1]: https://llvm.org/docs/LibFuzzer.html

Signed-off-by: Christian Göttsche
---
 libsepol/fuzz/binpolicy-fuzzer.c | 63 +++++++++++++++++++++++++++++++
 libsepol/fuzz/policy.bin | Bin 0 -> 1552 bytes
 scripts/oss-fuzz.sh | 17 ++++++++-
 3 files changed, 78 insertions(+), 2 deletions(-)
 create mode 100644 libsepol/fuzz/binpolicy-fuzzer.c
 create mode 100644 libsepol/fuzz/policy.bin

diff --git a/libsepol/fuzz/binpolicy-fuzzer.c b/libsepol/fuzz/binpolicy-fuzzer.c new file mode 100644 index 00000000..85c59645 --- /dev/null +++ b/libsepol/fuzz/binpolicy-fuzzer.c
@@ -0,0 +1,63 @@ +#include +#include +#include +#include + +extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +static int write_binary_policy(policydb_t *p, FILE *outfp) +{ + struct policy_file pf; + + policy_file_init(&pf); + pf.type = PF_USE_STDIO; + pf.fp = outfp; + return policydb_write(p, &pf); +} + +int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + policydb_t policydb = {}; + sidtab_t sidtab = {}; + struct policy_file pf; + FILE *devnull = NULL; + + sepol_debug(0); + + policy_file_init(&pf); + pf.type = PF_USE_MEMORY; + pf.data = (char *) data; + pf.len = size; + + if (policydb_init(&policydb)) + goto exit; + + if (policydb_read(&policydb, &pf, /*verbose=*/0)) + goto exit; + + if (policydb_load_isids(&policydb, &sidtab)) + goto exit; + + if (policydb.policy_type == POLICY_KERN) + (void) policydb_optimize(&policydb); + + devnull = fopen("/dev/null", "w"); + if (!devnull) + goto exit; + + (void) write_binary_policy(&policydb, devnull); + + (void) sepol_kernel_policydb_to_conf(devnull, &policydb); + + (void) sepol_kernel_policydb_to_cil(devnull, &policydb); + +exit: + if (devnull != NULL) + fclose(devnull); + + policydb_destroy(&policydb); + sepol_sidtab_destroy(&sidtab); + + /* Non-zero return values are reserved for future use. */ + return 0; +} diff --git a/libsepol/fuzz/policy.bin b/libsepol/fuzz/policy.bin new file mode 100644 index 0000000000000000000000000000000000000000..6f977ef34479daa9bf2e848c502ecea8d96f7912 GIT binary patch literal 1552 zcma)5OLBuS3?==4PtZ+{&?9)$U3WbIlYnX65X0D})6Db;y>M5p9{5ov4Nx%;$40a)K#TcVgu}o@qItz z*n@Vpe$`n>9k>)lLo|5!#vC+5dA)f~edbIZ(r^=r47z&T$5@O7acJXBjy1qIauI91 zZV#hm%^Wra%{;^@N(_Mfp@x57&=A0V{XH^N#4uZ2$+ZB!ToK{?!0dQgn^$*KOS$hBg literal 0 HcmV?d00001 diff --git a/scripts/oss-fuzz.sh b/scripts/oss-fuzz.sh index 16cc3c0a..72d275e8 100755 --- a/scripts/oss-fuzz.sh +++ b/scripts/oss-fuzz.sh 
@@ -32,7 +32,7 @@ SANITIZER=${SANITIZER:-address} flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize=fuzzer-no-link" export CC=${CC:-clang} -export CFLAGS=${CFLAGS:-$flags} +export CFLAGS="${CFLAGS:-$flags} -I$DESTDIR/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64" export CXX=${CXX:-clang++} export CXXFLAGS=${CXXFLAGS:-$flags} 
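
Review bot: In the new `export CFLAGS=...` line, `-I$DESTDIR/usr/include` ends up inside a variable that the script later expands unquoted (`$CC $CFLAGS`), so a `DESTDIR` containing whitespace is split into separate arguments; the per-command form `-I"$DESTDIR/usr/include"` that this patch removes from the secilc compile line did not have that problem. Because `CFLAGS` is exported, the added `-I` and `-D` flags also reach the `make -C libsepol` build further down, which the commit message does not mention. Either keep the additions in a separate variable used only for the fuzzer objects, or state that the library build is meant to pick them up.
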
@@ -49,11 +49,24 @@ make -C libsepol clean # shellcheck disable=SC2016 make -C libsepol V=1 LD_SONAME_FLAGS='-soname,$(LIBSO),--version-script=$(LIBMAP)' -j"$(nproc)" install +## secilc fuzzer ## + # CFLAGS, CXXFLAGS and LIB_FUZZING_ENGINE have to be split to be accepted by # the compiler/linker so they shouldn't be quoted # shellcheck disable=SC2086 -$CC $CFLAGS -I"$DESTDIR/usr/include" -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -c -o secilc-fuzzer.o libsepol/fuzz/secilc-fuzzer.c +$CC $CFLAGS -c -o secilc-fuzzer.o libsepol/fuzz/secilc-fuzzer.c # shellcheck disable=SC2086 $CXX $CXXFLAGS $LIB_FUZZING_ENGINE secilc-fuzzer.o "$DESTDIR/usr/lib/libsepol.a" -o "$OUT/secilc-fuzzer" zip -r "$OUT/secilc-fuzzer_seed_corpus.zip" secilc/test + +## binary policy fuzzer ## + +# CFLAGS, CXXFLAGS and LIB_FUZZING_ENGINE have to be split to be accepted by +# the compiler/linker so they shouldn't be quoted +# shellcheck disable=SC2086 +$CC $CFLAGS -c -o binpolicy-fuzzer.o libsepol/fuzz/binpolicy-fuzzer.c +# shellcheck disable=SC2086 +$CXX $CXXFLAGS $LIB_FUZZING_ENGINE binpolicy-fuzzer.o "$DESTDIR/usr/lib/libsepol.a" -o "$OUT/binpolicy-fuzzer" + +zip -j "$OUT/binpolicy-fuzzer_seed_corpus.zip" libsepol/fuzz/policy.bin
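
Review bot: In `libsepol/fuzz/binpolicy-fuzzer.c`, the `exit:` label is reached when `policydb_init(&policydb)` fails and also before `policydb_load_isids()` has run, yet it always calls `policydb_destroy(&policydb)` and `sepol_sidtab_destroy(&sidtab)`. Add a comment stating that both are safe on the `= {}` zero-initialized structs, or skip the teardown for parts that were never set up. Two smaller points in the same function: `fopen("/dev/null", "w")` runs once per input, which costs executions per second and could be done once and reused, and `pf.data = (char *) data;` drops the `const` of the fuzzer input, which deserves a comment on whether the reader may write through that pointer.
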
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 05/36] libsepol/fuzz: limit element sizes for fuzzing
Date: Fri, 5 Nov 2021 16:45:07 +0100
Message-Id: <20211105154542.38434-6-cgzones@googlemail.com>
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>

Limit the maximum length of read sizes, like string length of module version and name or keys and number of symtab entries. This keeps the fuzzer from reporting oom events for huge allocations (it also improves the number of executions per second of the fuzzer).

This change only affects the fuzzer build.

==15211== ERROR: libFuzzer: out-of-memory (malloc(3115956666))
   To change the out-of-memory limit use -rss_limit_mb=
    #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61)
    #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o
    #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o
    #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o
    #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557)
    #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7)
    #6 0x4aa143 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aa143)
    #7 0x5259cb in malloc (./out/binpolicy-fuzzer+0x5259cb)
    #8 0x59d307 in str_read ./libsepol/src/services.c:1746:8
    #9 0x585b97 in perm_read ./libsepol/src/policydb.c:2063:5
    #10 0x581f8a in common_read ./libsepol/src/policydb.c:2119:7
    #11 0x576681 in policydb_read ./libsepol/src/policydb.c:4417:8
    #12 0x55a214 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:26:6
    #13 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #14 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #15 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #16 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #17 0x7fe1ec88a7ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #18 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

==12683== ERROR: libFuzzer: out-of-memory (malloc(2526451450))
   To change the out-of-memory limit use -rss_limit_mb=
    #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61)
    #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o
    #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o
    #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o
    #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557)
    #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7)
    #6 0x4aa143 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aa143)
    #7 0x5259cb in malloc (./out/binpolicy-fuzzer+0x5259cb)
    #8 0x575f8a in policydb_read ./libsepol/src/policydb.c:4356:18
    #9 0x55a214 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:26:6
    #10 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #11 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #12 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #13 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #14 0x7fa737b377ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #15 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/private.h | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libsepol/src/private.h b/libsepol/src/private.h index 71287282..6146f59f 100644 --- a/libsepol/src/private.h +++ b/libsepol/src/private.h
@@ -44,7 +44,12 @@ #define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0])) -#define is_saturated(x) (x == (typeof(x))-1) +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +# define is_saturated(x) (x == (typeof(x))-1 || (x) > (1U << 16)) +#else +# define is_saturated(x) (x == (typeof(x))-1) +#endif + #define zero_or_saturated(x) ((x == 0) || is_saturated(x)) #define spaceship_cmp(a, b) (((a) > (b)) - ((a) < (b)))
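
Review bot: In the fuzzing variant of `is_saturated(x)` the argument is now evaluated twice and is still unparenthesized in `x == (typeof(x))-1`, so a call whose argument is an expression or has a side effect misbehaves; parenthesize both uses. The cap `(1U << 16)` is a bare magic number: give it a named macro with a comment that it exists only to avoid libFuzzer out-of-memory reports. Since `zero_or_saturated()` builds on this macro, the fuzzing build also rejects every count above 65536 there, so the code paths for larger values are never exercised by the fuzzer; that trade-off belongs in the comment too.
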
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH v2 06/36] libsepol: use logging framework in conditional.c Date: Fri, 5 Nov 2021 16:45:08 +0100 Message-Id: <20211105154542.38434-7-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the internal logging framework instead of directly writing to stdout as it might be undesired to do so within a library. Signed-off-by: Christian Göttsche --- v2: replace INFO calls by WARN since they are reasons of failure --- libsepol/src/conditional.c | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c index 037dc7e2..1edac65d 100644 --- a/libsepol/src/conditional.c +++ b/libsepol/src/conditional.c @@ -25,6 +25,7 @@ #include #include "private.h" +#include "debug.h" /* move all type rules to top of t/f lists to help kernel on evaluation */ static void cond_optimize(cond_av_list_t ** l) @@ -314,8 +315,7 @@ static int evaluate_cond_node(policydb_t * p, cond_node_t * node) if (new_state != node->cur_state) { node->cur_state = new_state; if (new_state == -1) - printf - ("expression result was undefined - disabling all rules.\n"); + WARN(NULL, "expression result was undefined - disabling all rules.\n"); /* turn the rules on or off */ for (cur = node->true_list; cur != NULL; cur = cur->next) { if (new_state <= 0) { 
@@ -368,8 +368,7 @@ int cond_normalize_expr(policydb_t * p, cond_node_t * cn) if (ne) { ne->next = NULL; } else { /* ne should never be NULL */ - printf - ("Found expr with no bools and only a ! - this should never happen.\n"); + ERR(NULL, "Found expr with no bools and only a ! - this should never happen.\n"); return -1; } /* swap the true and false lists */ @@ -421,8 +420,7 @@ int cond_normalize_expr(policydb_t * p, cond_node_t * cn) } k = cond_evaluate_expr(p, cn->expr); if (k == -1) { - printf - ("While testing expression, expression result " + ERR(NULL, "While testing expression, expression result " "was undefined - this should never happen.\n"); return -1; } @@ -635,8 +633,7 @@ static int cond_insertf(avtab_t * a */ if (k->specified & AVTAB_TYPE) { if (avtab_search(&p->te_avtab, k)) { - printf - ("security: type rule already exists outside of a conditional."); + WARN(NULL, "security: type rule already exists outside of a conditional."); goto err; } /* @@ -652,8 +649,7 @@ static int cond_insertf(avtab_t * a if (node_ptr) { if (avtab_search_node_next (node_ptr, k->specified)) { - printf - ("security: too many conflicting type rules."); + ERR(NULL, "security: too many conflicting type rules."); goto err; } found = 0; @@ -664,15 +660,13 @@ static int cond_insertf(avtab_t * a } } if (!found) { - printf - ("security: conflicting type rules.\n"); + ERR(NULL, "security: conflicting type rules.\n"); goto err; } } } else { if (avtab_search(&p->te_cond_avtab, k)) { - printf - ("security: conflicting type rules when adding type rule for true.\n"); + ERR(NULL, "security: conflicting type rules when adding type rule for true.\n"); goto err; } } @@ -680,7 +674,7 @@ static int cond_insertf(avtab_t * a node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d); if (!node_ptr) { - printf("security: could not insert rule."); + ERR(NULL, "security: could not insert rule."); goto err; } node_ptr->parse_context = (void *)1; 
@@ -742,14 +736,12 @@ static int cond_read_av_list(policydb_t * p, void *fp, static int expr_isvalid(policydb_t * p, cond_expr_t * expr) { if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) { - printf - ("security: conditional expressions uses unknown operator.\n"); + WARN(NULL, "security: conditional expressions uses unknown operator.\n"); return 0; } if (expr->bool > p->p_bools.nprim) { - printf - ("security: conditional expressions uses unknown bool.\n"); + WARN(NULL, "security: conditional expressions uses unknown bool.\n"); return 0; } return 1;
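Review bot: The messages converted in cond_insertf are inconsistent about the trailing newline: `"security: conflicting type rules.\n"` keeps it, while `"security: too many conflicting type rules."` and `"security: could not insert rule."` have none. The ERR() callers that already exist in this series (`ERR(handle, "Out of memory!")`) pass no newline, so settle on one form for every message converted in conditional.c; otherwise the log layout depends on which branch failed.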
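Review bot: The severity used on failure paths in conditional.c is mixed. In cond_insertf, "type rule already exists outside of a conditional." is logged with WARN and then jumps to err, while the neighbouring branches that also jump to err use ERR; expr_isvalid likewise logs with WARN immediately before `return 0`. The v2 changelog justifies WARN because these are reasons of failure, which argues for ERR on every path that aborts and WARN only for the evaluate_cond_node case, where processing continues with the rules disabled.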
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH v2 07/36] libsepol: use logging framework in ebitmap.c Date: Fri, 5 Nov 2021 16:45:09 +0100 Message-Id: <20211105154542.38434-8-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the internal logging framework instead of directly writing to stdout as it might be undesired to do so within a library. Signed-off-by: Christian Göttsche --- libsepol/src/ebitmap.c | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/libsepol/src/ebitmap.c b/libsepol/src/ebitmap.c index 1de3816a..fa728558 100644 --- a/libsepol/src/ebitmap.c +++ b/libsepol/src/ebitmap.c @@ -406,8 +406,7 @@ int ebitmap_read(ebitmap_t * e, void *fp) count = le32_to_cpu(buf[2]); if (mapsize != MAPSIZE) { - printf - ("security: ebitmap: map size %d does not match my size %zu (high bit was %d)\n", + ERR(NULL, "security: ebitmap: map size %d does not match my size %zu (high bit was %d)\n", mapsize, MAPSIZE, e->highbit); goto bad; } @@ -416,8 +415,7 @@ int ebitmap_read(ebitmap_t * e, void *fp) goto ok; } if (e->highbit & (MAPSIZE - 1)) { - printf - ("security: ebitmap: high bit (%d) is not a multiple of the map size (%zu)\n", + ERR(NULL, "security: ebitmap: high bit (%d) is not a multiple of the map size (%zu)\n", e->highbit, MAPSIZE); goto bad; } 
@@ -429,12 +427,12 @@ int ebitmap_read(ebitmap_t * e, void *fp) for (i = 0; i < count; i++) { rc = next_entry(buf, fp, sizeof(uint32_t)); if (rc < 0) { - printf("security: ebitmap: truncated map\n"); + ERR(NULL, "security: ebitmap: truncated map\n"); goto bad; } n = (ebitmap_node_t *) malloc(sizeof(ebitmap_node_t)); if (!n) { - printf("security: ebitmap: out of memory\n"); + ERR(NULL, "security: ebitmap: out of memory\n"); rc = -ENOMEM; goto bad; } @@ -443,34 +441,30 @@ int ebitmap_read(ebitmap_t * e, void *fp) n->startbit = le32_to_cpu(buf[0]); if (n->startbit & (MAPSIZE - 1)) { - printf - ("security: ebitmap start bit (%d) is not a multiple of the map size (%zu)\n", + ERR(NULL, "security: ebitmap start bit (%d) is not a multiple of the map size (%zu)\n", n->startbit, MAPSIZE); goto bad_free; } if (n->startbit > (e->highbit - MAPSIZE)) { - printf - ("security: ebitmap start bit (%d) is beyond the end of the bitmap (%zu)\n", + ERR(NULL, "security: ebitmap start bit (%d) is beyond the end of the bitmap (%zu)\n", n->startbit, (e->highbit - MAPSIZE)); goto bad_free; } rc = next_entry(&map, fp, sizeof(uint64_t)); if (rc < 0) { - printf("security: ebitmap: truncated map\n"); + ERR(NULL, "security: ebitmap: truncated map\n"); goto bad_free; } n->map = le64_to_cpu(map); if (!n->map) { - printf - ("security: ebitmap: null map in ebitmap (startbit %d)\n", + ERR(NULL, "security: ebitmap: null map in ebitmap (startbit %d)\n", n->startbit); goto bad_free; } if (l) { if (n->startbit <= l->startbit) { - printf - ("security: ebitmap: start bit %d comes after start bit %d\n", + ERR(NULL, "security: ebitmap: start bit %d comes after start bit %d\n", n->startbit, l->startbit); goto bad_free; } 
@@ -481,8 +475,7 @@ int ebitmap_read(ebitmap_t * e, void *fp) l = n; } if (count && l->startbit + MAPSIZE != e->highbit) { - printf - ("security: ebitmap: high bit %u has not the expected value %zu\n", + ERR(NULL, "security: ebitmap: high bit %u has not the expected value %zu\n", e->highbit, l->startbit + MAPSIZE); goto bad; }
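Review bot: The format strings carried over from printf in ebitmap_read disagree about the same field: e->highbit is printed with %d in the map-size and multiple-of-map-size messages and with %u in the final "has not the expected value" message, and `e->highbit - MAPSIZE` is printed with %zu. Since every one of these lines is rewritten by the conversion, use the specifier that matches each field's type, so that a malformed policy file tripping these checks is reported with the value that was actually read rather than a sign-converted one.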
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH v2 08/36] libsepol: use mallocarray wrapper to avoid overflows Date: Fri, 5 Nov 2021 16:45:10 +0100 Message-Id: <20211105154542.38434-9-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use a wrapper to guard `malloc(a * b)` type allocations, to detect multiplication overflows, which result in too few memory being allocated. Signed-off-by: Christian Göttsche --- libsepol/src/conditional.c | 2 +- libsepol/src/expand.c | 4 ++-- libsepol/src/hashtab.c | 4 +++- libsepol/src/link.c | 3 ++- libsepol/src/module.c | 4 ++-- libsepol/src/module_to_cil.c | 4 ++-- libsepol/src/optimize.c | 6 ++++-- libsepol/src/policydb.c | 6 +++--- libsepol/src/private.h | 9 +++++++++ libsepol/src/services.c | 6 +++--- libsepol/src/sidtab.c | 3 ++- libsepol/src/user_record.c | 3 ++- libsepol/src/write.c | 2 +- 13 files changed, 36 insertions(+), 20 deletions(-) diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c index 1edac65d..cc3f4d82 100644 --- a/libsepol/src/conditional.c +++ b/libsepol/src/conditional.c @@ -522,7 +522,7 @@ int cond_init_bool_indexes(policydb_t * p) if (p->bool_val_to_struct) free(p->bool_val_to_struct); p->bool_val_to_struct = (cond_bool_datum_t **) - malloc(p->p_bools.nprim * sizeof(cond_bool_datum_t *)); + mallocarray(p->p_bools.nprim, sizeof(cond_bool_datum_t *)); if (!p->bool_val_to_struct) return -1; return 0; diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c index a6a466f7..8a7259a0 100644 --- a/libsepol/src/expand.c +++ b/libsepol/src/expand.c 
@@ -3146,9 +3146,9 @@ int expand_module(sepol_handle_t * handle, goto cleanup; /* Build the type<->attribute maps and remove attributes. */ - state.out->attr_type_map = malloc(state.out->p_types.nprim * + state.out->attr_type_map = mallocarray(state.out->p_types.nprim, sizeof(ebitmap_t)); - state.out->type_attr_map = malloc(state.out->p_types.nprim * + state.out->type_attr_map = mallocarray(state.out->p_types.nprim, sizeof(ebitmap_t)); if (!state.out->attr_type_map || !state.out->type_attr_map) { ERR(handle, "Out of memory!"); diff --git a/libsepol/src/hashtab.c b/libsepol/src/hashtab.c index 21143b76..2eb35212 100644 --- a/libsepol/src/hashtab.c +++ b/libsepol/src/hashtab.c @@ -32,6 +32,8 @@ #include #include +#include "private.h" + hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h, const_hashtab_key_t key), int (*keycmp) (hashtab_t h, @@ -52,7 +54,7 @@ hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h, p->nel = 0; p->hash_value = hash_value; p->keycmp = keycmp; - p->htable = (hashtab_ptr_t *) malloc(sizeof(hashtab_ptr_t) * size); + p->htable = (hashtab_ptr_t *) mallocarray(size, sizeof(hashtab_ptr_t)); if (p->htable == NULL) { free(p); return NULL; diff --git a/libsepol/src/link.c b/libsepol/src/link.c index 7512a4d9..bd986b7b 100644 --- a/libsepol/src/link.c +++ b/libsepol/src/link.c @@ -34,6 +34,7 @@ #include #include "debug.h" +#include "private.h" #undef min #define min(a,b) (((a) < (b)) ? (a) : (b)) @@ -1679,7 +1680,7 @@ static int copy_scope_index(scope_index_t * src, scope_index_t * dest, } /* next copy the enabled permissions data */ - if ((dest->class_perms_map = malloc(largest_mapped_class_value * + if ((dest->class_perms_map = mallocarray(largest_mapped_class_value, sizeof(*dest->class_perms_map))) == NULL) { goto cleanup; diff --git a/libsepol/src/module.c b/libsepol/src/module.c index 02a5de2c..4a51f25c 100644 --- a/libsepol/src/module.c +++ b/libsepol/src/module.c 
@@ -406,14 +406,14 @@ static int module_package_read_offsets(sepol_module_package_t * mod, goto err; } - off = (size_t *) malloc((nsec + 1) * sizeof(size_t)); + off = (size_t *) mallocarray(nsec + 1, sizeof(size_t)); if (!off) { ERR(file->handle, "out of memory"); goto err; } free(buf); - buf = malloc(sizeof(uint32_t) * nsec); + buf = mallocarray(nsec, sizeof(uint32_t)); if (!buf) { ERR(file->handle, "out of memory"); goto err; diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index 16e4004e..ad0880bd 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -430,7 +430,7 @@ static int stack_init(struct stack **stack) goto exit; } - s->stack = malloc(sizeof(*s->stack) * STACK_SIZE); + s->stack = mallocarray(STACK_SIZE, sizeof(*s->stack)); if (s->stack == NULL) { goto exit; } @@ -1008,7 +1008,7 @@ static int ebitmap_to_names(struct ebitmap *map, char **vals_to_names, char ***n goto exit; } - name_arr = malloc(sizeof(*name_arr) * num); + name_arr = mallocarray(num, sizeof(*name_arr)); if (name_arr == NULL) { log_err("Out of memory"); rc = -1; diff --git a/libsepol/src/optimize.c b/libsepol/src/optimize.c index 6826155c..f8298fb7 100644 --- a/libsepol/src/optimize.c +++ b/libsepol/src/optimize.c @@ -31,6 +31,8 @@ #include #include +#include "private.h" + #define TYPE_VEC_INIT_SIZE 16 struct type_vec { @@ -42,7 +44,7 @@ static int type_vec_init(struct type_vec *v) { v->capacity = TYPE_VEC_INIT_SIZE; v->count = 0; - v->types = malloc(v->capacity * sizeof(*v->types)); + v->types = mallocarray(v->capacity, sizeof(*v->types)); if (!v->types) return -1; return 0; @@ -93,7 +95,7 @@ static struct type_vec *build_type_map(const policydb_t *p) { unsigned int i, k; ebitmap_node_t *n; - struct type_vec *map = malloc(p->p_types.nprim * sizeof(*map)); + struct type_vec *map = mallocarray(p->p_types.nprim, sizeof(*map)); if (!map) return NULL; diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 587ba64a..dcea1807 100644 
--- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -4111,7 +4111,7 @@ static int scope_read(policydb_t * p, int symnum, struct policy_file *fp) goto cleanup; } if ((scope->decl_ids = - malloc(scope->decl_ids_len * sizeof(uint32_t))) == NULL) { + mallocarray(scope->decl_ids_len, sizeof(uint32_t))) == NULL) { goto cleanup; } rc = next_entry(scope->decl_ids, fp, sizeof(uint32_t) * scope->decl_ids_len); @@ -4500,8 +4500,8 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) } if (policy_type == POLICY_KERN) { - p->type_attr_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); - p->attr_type_map = malloc(p->p_types.nprim * sizeof(ebitmap_t)); + p->type_attr_map = mallocarray(p->p_types.nprim, sizeof(ebitmap_t)); + p->attr_type_map = mallocarray(p->p_types.nprim, sizeof(ebitmap_t)); if (!p->type_attr_map || !p->attr_type_map) goto bad; for (i = 0; i < p->p_types.nprim; i++) { diff --git a/libsepol/src/private.h b/libsepol/src/private.h index 6146f59f..d3d65a57 100644 --- a/libsepol/src/private.h +++ b/libsepol/src/private.h @@ -83,3 +83,12 @@ extern int next_entry(void *buf, struct policy_file *fp, size_t bytes); extern size_t put_entry(const void *ptr, size_t size, size_t n, struct policy_file *fp); extern int str_read(char **strp, struct policy_file *fp, size_t len); + +static inline void* mallocarray(size_t nmemb, size_t size) { + if (size && nmemb > (size_t)-1 / size) { + errno = ENOMEM; + return NULL; + } + + return malloc(nmemb * size); +} diff --git a/libsepol/src/services.c b/libsepol/src/services.c index 3407058f..edcdde21 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -712,7 +712,7 @@ mls_ops: * Generate the same number of answer buffer entries as expression * buffers (as there will never be more). */ - answer_list = malloc(expr_count * sizeof(*answer_list)); + answer_list = mallocarray(expr_count, sizeof(*answer_list)); if (!answer_list) { ERR(NULL, "failed to allocate answer stack"); rc = -ENOMEM; 
@@ -2163,7 +2163,7 @@ int sepol_get_user_sids(sepol_security_id_t fromsid, } usercon.user = user->s.value; - mysids = malloc(maxnel * sizeof(sepol_security_id_t)); + mysids = mallocarray(maxnel, sizeof(sepol_security_id_t)); if (!mysids) { rc = -ENOMEM; goto out; @@ -2199,7 +2199,7 @@ int sepol_get_user_sids(sepol_security_id_t fromsid, } else { maxnel += SIDS_NEL; mysids2 = - malloc(maxnel * + mallocarray(maxnel, sizeof(sepol_security_id_t)); if (!mysids2) { diff --git a/libsepol/src/sidtab.c b/libsepol/src/sidtab.c index 255e0725..adeae6eb 100644 --- a/libsepol/src/sidtab.c +++ b/libsepol/src/sidtab.c @@ -15,6 +15,7 @@ #include #include "flask.h" +#include "private.h" #define SIDTAB_HASH(sid) \ (sid & SIDTAB_HASH_MASK) @@ -27,7 +28,7 @@ int sepol_sidtab_init(sidtab_t * s) { int i; - s->htable = malloc(sizeof(sidtab_ptr_t) * SIDTAB_SIZE); + s->htable = mallocarray(SIDTAB_SIZE, sizeof(sidtab_ptr_t)); if (!s->htable) return -ENOMEM; for (i = 0; i < SIDTAB_SIZE; i++) diff --git a/libsepol/src/user_record.c b/libsepol/src/user_record.c index ac520060..c1356a6b 100644 --- a/libsepol/src/user_record.c +++ b/libsepol/src/user_record.c @@ -4,6 +4,7 @@ #include "user_internal.h" #include "debug.h" +#include "private.h" struct sepol_user { /* This user's name */ @@ -265,7 +266,7 @@ int sepol_user_get_roles(sepol_handle_t * handle, unsigned int i; const char **tmp_roles = - (const char **)malloc(sizeof(char *) * user->num_roles); + (const char **)mallocarray(user->num_roles, sizeof(char *)); if (!tmp_roles) goto omem; diff --git a/libsepol/src/write.c b/libsepol/src/write.c index 3bd034d6..9df5b0bd 100644 --- a/libsepol/src/write.c +++ b/libsepol/src/write.c 
@@ -2117,7 +2117,7 @@ static int scope_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr) * buffer. this would have been easier with C99's * dynamic arrays... */ rc = POLICYDB_ERROR; - dyn_buf = malloc(items * sizeof(*dyn_buf)); + dyn_buf = mallocarray(items, sizeof(*dyn_buf)); if (!dyn_buf) goto err; buf = dyn_buf;
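Review bot: The mallocarray() helper added to private.h uses errno, ENOMEM and malloc(), but the private.h hunk adds no #include for <errno.h> or <stdlib.h>. hashtab.c, optimize.c, sidtab.c, link.c and user_record.c now include private.h for this helper, so unless the header already includes both further up, it should pull them in itself instead of relying on the include order of each file that uses it.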
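Review bot: The wrapper checks only the multiplication, so an element count computed before the call can still wrap. In module_package_read_offsets, `mallocarray(nsec + 1, sizeof(size_t))` evaluates nsec + 1 first, and in sepol_get_user_sids `maxnel += SIDS_NEL` runs before `mallocarray(maxnel, ...)`. Where the count is an expression rather than a plain variable, bound the operand before the addition (for nsec, before adding one) so the overflow check covers the whole size computation.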
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH v2 09/36] libsepol: use reallocarray wrapper to avoid overflows Date: Fri, 5 Nov 2021 16:45:11 +0100 Message-Id: <20211105154542.38434-10-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use a wrapper to guard `realloc(p, a * b)` type allocations, to detect multiplication overflows, which result in too few memory being allocated. Use a custom implementation if the used C library does not offer one. Also use temporary variables for realloc(3) results in add_i_to_a() and fp_to_buffer(). Signed-off-by: Christian Göttsche --- libsepol/src/Makefile | 6 ++++++ libsepol/src/kernel_to_common.c | 4 ++-- libsepol/src/module_to_cil.c | 9 +++++---- libsepol/src/optimize.c | 5 +++-- libsepol/src/private.h | 11 +++++++++++ libsepol/src/services.c | 6 +++--- libsepol/src/user_record.c | 5 +++-- libsepol/src/users.c | 12 ++++++------ libsepol/src/util.c | 11 +++++++---- 9 files changed, 46 insertions(+), 23 deletions(-) diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile index dc8b1773..13410c67 100644 --- a/libsepol/src/Makefile +++ b/libsepol/src/Makefile @@ -29,6 +29,12 @@ LOBJS += $(sort $(patsubst %.c,%.lo,$(sort $(wildcard $(CILDIR)/src/*.c)) $(CIL_ override CFLAGS += -I$(CILDIR)/include endif +# check for reallocarray(3) availability +H := \# +ifeq (yes,$(shell printf '${H}define _GNU_SOURCE\n${H}include \nint main(void){void*p=reallocarray(NULL, 1, sizeof(char));return 0;}' | $(CC) -x c -o /dev/null - >/dev/null 2>&1 && echo yes)) +override CFLAGS += -DHAVE_REALLOCARRAY +endif + LD_SONAME_FLAGS=-soname,$(LIBSO),--version-script=$(LIBMAP),-z,defs LN=ln 
diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index a7453d3c..51df8c25 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c @@ -161,7 +161,7 @@ int strs_add(struct strs *strs, char *s) char **new; unsigned i = strs->size; strs->size *= 2; - new = realloc(strs->list, sizeof(char *)*strs->size); + new = reallocarray(strs->list, strs->size, sizeof(char *)); if (!new) { sepol_log_err("Out of memory"); return -1; @@ -220,7 +220,7 @@ int strs_add_at_index(struct strs *strs, char *s, unsigned index) while (index >= strs->size) { strs->size *= 2; } - new = realloc(strs->list, sizeof(char *)*strs->size); + new = reallocarray(strs->list, strs->size, sizeof(char *)); if (!new) { sepol_log_err("Out of memory"); return -1; diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index ad0880bd..84e49c5b 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -453,7 +453,7 @@ static int stack_push(struct stack *stack, void *ptr) void *new_stack; if (stack->pos + 1 == stack->size) { - new_stack = realloc(stack->stack, sizeof(*stack->stack) * (stack->size * 2)); + new_stack = reallocarray(stack->stack, stack->size * 2, sizeof(*stack->stack)); if (new_stack == NULL) { goto exit; } @@ -4123,7 +4123,7 @@ exit: static int fp_to_buffer(FILE *fp, char **data, size_t *data_len) { int rc = -1; - char *d = NULL; + char *d = NULL, *d_tmp; size_t d_len = 0; size_t read_len = 0; size_t max_len = 1 << 17; // start at 128KB, this is enough to hold about half of all the existing pp files @@ -4139,12 +4139,13 @@ static int fp_to_buffer(FILE *fp, char **data, size_t *data_len) d_len += read_len; if (d_len == max_len) { max_len *= 2; - d = realloc(d, max_len); - if (d == NULL) { + d_tmp = realloc(d, max_len); + if (d_tmp == NULL) { log_err("Out of memory"); rc = -1; goto exit; } + d = d_tmp; } } diff --git a/libsepol/src/optimize.c b/libsepol/src/optimize.c index f8298fb7..8a048702 100644 
--- a/libsepol/src/optimize.c +++ b/libsepol/src/optimize.c @@ -59,8 +59,9 @@ static int type_vec_append(struct type_vec *v, uint32_t type) { if (v->capacity == v->count) { unsigned int new_capacity = v->capacity * 2; - uint32_t *new_types = realloc(v->types, - new_capacity * sizeof(*v->types)); + uint32_t *new_types = reallocarray(v->types, + new_capacity, + sizeof(*v->types)); if (!new_types) return -1; diff --git a/libsepol/src/private.h b/libsepol/src/private.h index d3d65a57..a8cc1472 100644 --- a/libsepol/src/private.h +++ b/libsepol/src/private.h @@ -92,3 +92,14 @@ static inline void* mallocarray(size_t nmemb, size_t size) { return malloc(nmemb * size); } + +#ifndef HAVE_REALLOCARRAY +static inline void* reallocarray(void *ptr, size_t nmemb, size_t size) { + if (size && nmemb > (size_t)-1 / size) { + errno = ENOMEM; + return NULL; + } + + return realloc(ptr, nmemb * size); +} +#endif diff --git a/libsepol/src/services.c b/libsepol/src/services.c index edcdde21..0f36ac53 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -94,7 +94,7 @@ static void push(char *expr_ptr) else new_stack_len = stack_len * 2; - new_stack = realloc(stack, new_stack_len * sizeof(*stack)); + new_stack = reallocarray(stack, new_stack_len, sizeof(*stack)); if (!new_stack) { ERR(NULL, "unable to allocate stack space"); return; @@ -449,8 +449,8 @@ static int constraint_expr_eval_reason(context_struct_t *scontext, else new_expr_list_len = expr_list_len * 2; - new_expr_list = realloc(expr_list, - new_expr_list_len * sizeof(*expr_list)); + new_expr_list = reallocarray(expr_list, + new_expr_list_len, sizeof(*expr_list)); if (!new_expr_list) { ERR(NULL, "failed to allocate expr buffer stack"); rc = -ENOMEM; diff --git a/libsepol/src/user_record.c b/libsepol/src/user_record.c index c1356a6b..404fa3a8 100644 --- a/libsepol/src/user_record.c +++ b/libsepol/src/user_record.c 
@@ -183,8 +183,9 @@ int sepol_user_add_role(sepol_handle_t * handle, if (!role_cp) goto omem; - roles_realloc = realloc(user->roles, - sizeof(char *) * (user->num_roles + 1)); + roles_realloc = reallocarray(user->roles, + user->num_roles + 1, + sizeof(char *)); if (!roles_realloc) goto omem; diff --git a/libsepol/src/users.c b/libsepol/src/users.c index b895b7f5..a7406214 100644 --- a/libsepol/src/users.c +++ b/libsepol/src/users.c @@ -226,17 +226,17 @@ int sepol_user_modify(sepol_handle_t * handle, void *tmp_ptr; /* Ensure reverse lookup array has enough space */ - tmp_ptr = realloc(policydb->user_val_to_struct, - (policydb->p_users.nprim + - 1) * sizeof(user_datum_t *)); + tmp_ptr = reallocarray(policydb->user_val_to_struct, + policydb->p_users.nprim + 1, + sizeof(user_datum_t *)); if (!tmp_ptr) goto omem; policydb->user_val_to_struct = tmp_ptr; policydb->user_val_to_struct[policydb->p_users.nprim] = NULL; - tmp_ptr = realloc(policydb->sym_val_to_name[SYM_USERS], - (policydb->p_users.nprim + - 1) * sizeof(char *)); + tmp_ptr = reallocarray(policydb->sym_val_to_name[SYM_USERS], + policydb->p_users.nprim + 1, + sizeof(char *)); if (!tmp_ptr) goto omem; policydb->sym_val_to_name[SYM_USERS] = tmp_ptr; diff --git a/libsepol/src/util.c b/libsepol/src/util.c index 902c63c5..b7230564 100644 --- a/libsepol/src/util.c +++ b/libsepol/src/util.c @@ -40,6 +40,8 @@ struct val_to_name { * 0). Return 0 on success, -1 on out of memory. */ int add_i_to_a(uint32_t i, uint32_t * cnt, uint32_t ** a) { + uint32_t *new; + if (cnt == NULL || a == NULL) return -1; 
@@ -48,17 +50,18 @@ int add_i_to_a(uint32_t i, uint32_t * cnt, uint32_t ** a) * than be smart about it, for now we realloc() the array each * time a new uint32_t is added! */ if (*a != NULL) - *a = (uint32_t *) realloc(*a, (*cnt + 1) * sizeof(uint32_t)); + new = (uint32_t *) reallocarray(*a, *cnt + 1, sizeof(uint32_t)); else { /* empty list */ *cnt = 0; - *a = (uint32_t *) malloc(sizeof(uint32_t)); + new = (uint32_t *) malloc(sizeof(uint32_t)); } - if (*a == NULL) { + if (new == NULL) { return -1; } - (*a)[*cnt] = i; + new[*cnt] = i; (*cnt)++; + *a = new; return 0; }
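Review bot: In the private.h hunk the fallback reallocarray() is guarded by #ifndef HAVE_REALLOCARRAY, but no part of the diff shown here defines that macro, and the hunk adds no #include <errno.h> for the errno = ENOMEM assignment. If the build never sets HAVE_REALLOCARRAY on a libc that already declares reallocarray(), this static inline definition conflicts with the libc prototype. Please make sure the build probes for the function and that private.h includes <errno.h> itself rather than relying on its includers.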
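Review bot: In strs_add() and strs_add_at_index() in kernel_to_common.c, reallocarray() now covers the multiplication by sizeof(char *), but strs->size *= 2 still happens before the call and is not undone when the allocation fails, so the struct is left claiming a capacity it does not have. In strs_add_at_index() the while (index >= strs->size) loop can also wrap strs->size to 0 for a large index and then never terminate. Suggest computing the new size in a local, checking it for wrap, and assigning strs->size only after reallocarray() succeeds. stack_push() in module_to_cil.c passes stack->size * 2 in the same unchecked way.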
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 10/36] libsepol: add checks for read sizes
Date: Fri, 5 Nov 2021 16:45:12 +0100
Message-Id: <20211105154542.38434-11-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Add checks for invalid read sizes from a binary policy to guard allocations.

The common and class permission counts need to be limited more strictly, otherwise a too high count of common or class permissions can lead to permission values with a too high value, which can lead to overflows in shift operations.

In the fuzzer build the value will also be bounded to avoid oom reports.

    ==29857== ERROR: libFuzzer: out-of-memory (malloc(17179868160))
       To change the out-of-memory limit use -rss_limit_mb=
        #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61)
        #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o
        #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o
        #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o
        #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557)
        #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7)
        #6 0x4aa143 in __asan::asan_malloc(unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aa143)
        #7 0x5259cb in malloc (./out/binpolicy-fuzzer+0x5259cb)
        #8 0x580b5d in mallocarray ./libsepol/src/./private.h:93:9
        #9 0x57c2ed in scope_read ./libsepol/src/policydb.c:4120:7
        #10 0x576b0d in policydb_read ./libsepol/src/policydb.c:4462:9
        #11 0x55a214 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:26:6
        #12 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #13 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #14 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #15 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #16 0x7ffad6e107ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #17 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

    ==19462== ERROR: libFuzzer: out-of-memory (malloc(18253611008))
       To change the out-of-memory limit use -rss_limit_mb=
        #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61)
        #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o
        #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o
        #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o
        #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557)
        #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7)
        #6 0x4aa999 in __asan::asan_calloc(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aa999)
        #7 0x525b63 in __interceptor_calloc (./out/binpolicy-fuzzer+0x525b63)
        #8 0x570938 in policydb_index_others ./libsepol/src/policydb.c:1245:6
        #9 0x5771f3 in policydb_read ./src/policydb.c:4481:6
        #10 0x55a214 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:26:6
        #11 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #12 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #13 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #14 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #15 0x7f4d933157ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #16 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index dcea1807..1408405d 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -2103,6 +2103,8 @@ static int common_read(policydb_t * p, hashtab_t h, struct policy_file *fp) if (symtab_init(&comdatum->permissions, PERM_SYMTAB_SIZE)) goto bad; comdatum->permissions.nprim = le32_to_cpu(buf[2]); + if (comdatum->permissions.nprim > 32) + goto bad; nel = le32_to_cpu(buf[3]); key = malloc(len + 1); @@ -2251,6 +2253,8 @@ static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp) if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE)) goto bad; cladatum->permissions.nprim = le32_to_cpu(buf[3]); + if (cladatum->permissions.nprim > 32) + goto bad; nel = le32_to_cpu(buf[4]); ncons = le32_to_cpu(buf[5]); @@ -3980,6 +3984,8 @@ static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl, if (rc < 0) return -1; nprim = le32_to_cpu(buf[0]); + if (is_saturated(nprim)) + return -1; nel = le32_to_cpu(buf[1]); for (j = 0; j < nel; j++) { if (read_f[i] (p, decl->symtab[i].table, fp)) { @@ -4106,7 +4112,7 @@ static int scope_read(policydb_t * p, int symnum, struct policy_file *fp) goto cleanup; scope->scope = le32_to_cpu(buf[0]); scope->decl_ids_len = le32_to_cpu(buf[1]); - if (scope->decl_ids_len == 0) { + if (zero_or_saturated(scope->decl_ids_len)) { ERR(fp->handle, "invalid scope with no declaration"); goto cleanup; }
@@ -4396,6 +4402,8 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose) if (rc < 0) goto bad; nprim = le32_to_cpu(buf[0]); + if (is_saturated(nprim)) + goto bad; nel = le32_to_cpu(buf[1]); if (nel && !nprim) { ERR(fp->handle, "unexpected items in symbol table with no symbol");
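Review bot: The new nprim limit in common_read() and class_read() is a bare 32 and fails through goto bad without any ERR(), so a rejected policy gives no hint why. The commit message ties the limit to shift overflows on permission values, so a named constant derived from the access vector width, plus an error line stating the offending count, would make both the intent and the failure visible.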
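Review bot: In scope_read() the condition now also rejects a saturated decl_ids_len, but the message is still "invalid scope with no declaration", which is wrong for that case; please split the two cases or reword the message. The commit message also says the value is additionally bounded in the fuzzer build, yet none of the five hunks contains such a bound. Unless it lives inside is_saturated() or zero_or_saturated(), whose definitions are not part of this patch, either the text or the patch is missing something.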
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 11/36] libsepol: enforce avtab item limit
Date: Fri, 5 Nov 2021 16:45:13 +0100
Message-Id: <20211105154542.38434-12-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Check the current item count does not exceed the maximum allowed to avoid stack overflows.

    ==33660==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fa64b8fc070 at pc 0x0000005acba0 bp 0x7ffc1f0b2870 sp 0x7ffc1f0b2868
    READ of size 4 at 0x7fa64b8fc070 thread T0
        #0 0x5acb9f in avtab_read_item ./libsepol/src/avtab.c:507:18
        #1 0x5acec4 in avtab_read ./libsepol/src/avtab.c:611:8
        #2 0x576ae3 in policydb_read ./libsepol/src/policydb.c:4433:7
        #3 0x55a1fe in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:24:6
        #4 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #5 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #6 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #7 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #8 0x7fa64cc867ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #9 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

    Address 0x7fa64b8fc070 is located in stack of thread T0 at offset 112 in frame
        #0 0x5aabdf in avtab_read_item ./libsepol/src/avtab.c:437

      This frame has 6 object(s):
        [32, 33) 'buf8' (line 438)
        [48, 56) 'buf16' (line 439)
        [80, 112) 'buf32' (line 440) <== Memory access at offset 112 overflows this variable
        [144, 152) 'key' (line 441)
        [176, 192) 'datum' (line 442)
        [208, 244) 'xperms' (line 443)
    HINT: this may be a false positive if your program uses some custom stack unwind mechanism,
    swapcontext or vfork (longjmp and C++ exceptions *are* supported)
    SUMMARY: AddressSanitizer: stack-buffer-overflow ./libsepol/src/avtab.c:507:18 in avtab_read_item
    ==33660==ABORTING

Signed-off-by: Christian Göttsche
---
 libsepol/src/avtab.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c index 46e1e75d..64aab683 100644 --- a/libsepol/src/avtab.c +++ b/libsepol/src/avtab.c
@@ -503,6 +503,12 @@ int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a, for (i = 0; i < ARRAY_SIZE(spec_order); i++) { if (val & spec_order[i]) { + if (items > items2) { + ERR(fp->handle, + "entry has too many items (%d/%d)", + items, items2); + return -1; + } key.specified = spec_order[i] | enabled; datum.data = le32_to_cpu(buf32[items++]); rc = insertf(a, &key, &datum, p);
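Review bot: The guard in avtab_read_item() looks off by one: it tests items > items2, but the following buf32[items++] is already out of range when items == items2, assuming items2 is the number of 32-bit words read into buf32, as the error text suggests. The ASan report in the commit message shows buf32 occupying [80, 112) and the faulting read at offset 112, that is index 8 of an 8-element array, which this condition still lets through when items2 is 8. Suggest if (items >= items2), and %u in the format string if both counters are unsigned.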
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 12/36] libsepol: clean memory on conditional insertion failure
Date: Fri, 5 Nov 2021 16:45:14 +0100
Message-Id: <20211105154542.38434-13-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Free the local access vector list on failure as it does not get moved into the policy structure.

Drop the now redundant, but non-exhaustive, resource cleanup in cond_insertf().

    Direct leak of 16 byte(s) in 1 object(s) allocated from:
        #0 0x52596d in malloc (./out/binpolicy-fuzzer+0x52596d)
        #1 0x5b30d2 in cond_insertf ./libsepol/src/conditional.c:682:9
        #2 0x5ac218 in avtab_read_item ./libsepol/src/avtab.c:583:10
        #3 0x5b21f4 in cond_read_av_list ./libsepol/src/conditional.c:725:8
        #4 0x5b21f4 in cond_read_node ./libsepol/src/conditional.c:798:7
        #5 0x5b21f4 in cond_read_list ./libsepol/src/conditional.c:847:7
        #6 0x576b6e in policydb_read ./libsepol/src/policydb.c:4436:8
        #7 0x55a1fe in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:24:6
        #8 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #9 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #10 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #11 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #12 0x7f47abeb87ec in __libc_start_main csu/../csu/libc-start.c:332:16

Signed-off-by: Christian Göttsche
---
v2: drop redundant cleanup in cond_insertf()
---
 libsepol/src/conditional.c | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c index cc3f4d82..a3125fdd 100644
--- a/libsepol/src/conditional.c +++ b/libsepol/src/conditional.c @@ -634,7 +634,7 @@ static int cond_insertf(avtab_t * a if (k->specified & AVTAB_TYPE) { if (avtab_search(&p->te_avtab, k)) { WARN(NULL, "security: type rule already exists outside of a conditional."); - goto err; + return -1; } /* * If we are reading the false list other will be a pointer to @@ -650,7 +650,7 @@ static int cond_insertf(avtab_t * a if (avtab_search_node_next (node_ptr, k->specified)) { ERR(NULL, "security: too many conflicting type rules."); - goto err; + return -1; } found = 0; for (cur = other; cur != NULL; cur = cur->next) { @@ -661,13 +661,13 @@ static int cond_insertf(avtab_t * a } if (!found) { ERR(NULL, "security: conflicting type rules.\n"); - goto err; + return -1; } } } else { if (avtab_search(&p->te_cond_avtab, k)) { ERR(NULL, "security: conflicting type rules when adding type rule for true.\n"); - goto err; + return -1; } } } @@ -675,13 +675,13 @@ static int cond_insertf(avtab_t * a node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d); if (!node_ptr) { ERR(NULL, "security: could not insert rule."); - goto err; + return -1; } node_ptr->parse_context = (void *)1; list = malloc(sizeof(cond_av_list_t)); if (!list) - goto err; + return -1; memset(list, 0, sizeof(cond_av_list_t)); list->node = node_ptr; @@ -691,11 +691,6 @@ static int cond_insertf(avtab_t * a data->tail->next = list; data->tail = list; return 0; - - err: - cond_av_list_destroy(data->head); - data->head = NULL; - return -1; } static int cond_read_av_list(policydb_t * p, void *fp, 
@@ -724,8 +719,10 @@ static int cond_read_av_list(policydb_t * p, void *fp, for (i = 0; i < len; i++) { rc = avtab_read_item(fp, p->policyvers, &p->te_cond_avtab, cond_insertf, &data); - if (rc) + if (rc) { + cond_av_list_destroy(data.head); return rc; + } }
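Review bot: In cond_insertf() the if (!list) return -1; path after malloc() is the only one of the converted returns that logs nothing, and it is reached after avtab_insert_nonunique() has already put node_ptr into p->te_cond_avtab. Please add an out-of-memory ERR() there. With the err: label gone, a short comment at the new cond_av_list_destroy(data.head) call in cond_read_av_list() stating that cond_insertf() leaves the partial list for the caller to free would keep the ownership rule from being lost again.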
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 13/36] libsepol: reject abnormal huge sid ids
Date: Fri, 5 Nov 2021 16:45:15 +0100
Message-Id: <20211105154542.38434-14-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Check if the sid value is saturated to guard dependent allocations.

    ==19967== ERROR: libFuzzer: out-of-memory (malloc(7784628224))
        #0 0x52dc61 in __sanitizer_print_stack_trace (./out/binpolicy-fuzzer+0x52dc61)
        #1 0x475618 in fuzzer::PrintStackTrace() fuzzer.o
        #2 0x458855 in fuzzer::Fuzzer::HandleMalloc(unsigned long) fuzzer.o
        #3 0x45876a in fuzzer::MallocHook(void const volatile*, unsigned long) fuzzer.o
        #4 0x534557 in __sanitizer::RunMallocHooks(void const*, unsigned long) (./out/binpolicy-fuzzer+0x534557)
        #5 0x4aa7d7 in __asan::Allocator::Allocate(unsigned long, unsigned long, __sanitizer::BufferedStackTrace*, __asan::AllocType, bool) (./out/binpolicy-fuzzer+0x4aa7d7)
        #6 0x4aabe3 in __asan::Allocator::Reallocate(void*, unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aabe3)
        #7 0x4aaa32 in __asan::asan_reallocarray(void*, unsigned long, unsigned long, __sanitizer::BufferedStackTrace*) (./out/binpolicy-fuzzer+0x4aaa32)
        #8 0x525f8e in __interceptor_reallocarray (./out/binpolicy-fuzzer+0x525f8e)
        #9 0x5ebad3 in strs_add_at_index ./libsepol/src/kernel_to_common.c:224:9
        #10 0x5680eb in write_sids_to_conf ./libsepol/src/kernel_to_conf.c:466:8
        #11 0x55c1c0 in write_sid_decl_rules_to_conf ./libsepol/src/kernel_to_conf.c:498:8
        #12 0x55ad36 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3083:7
        #13 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
        #14 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
        #15 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
        #16 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
        #17 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
        #18 0x7f085ac657ec in __libc_start_main csu/../csu/libc-start.c:332:16
        #19 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 1408405d..1868af5b 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -2883,6 +2883,8 @@ static int ocontext_read_xen(const struct policydb_compat_info *info, if (rc < 0) return -1; c->sid[0] = le32_to_cpu(buf[0]); + if (is_saturated(c->sid[0])) + return -1; if (context_read_and_validate (&c->context[0], p, fp)) return -1;
@@ -2994,6 +2996,8 @@ static int ocontext_read_selinux(const struct policydb_compat_info *info, if (rc < 0) return -1; c->sid[0] = le32_to_cpu(buf[0]); + if (is_saturated(c->sid[0])) + return -1; if (context_read_and_validate (&c->context[0], p, fp)) return -1;
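Review bot: The new checks in ocontext_read_xen() and ocontext_read_selinux() only reject a saturated c->sid[0], while the report in the commit message is an allocation of 7784628224 bytes in strs_add_at_index(), which grows strs->size by doubling until it exceeds the index. With 8-byte pointers that is 973078528 entries, so the sid that triggered it was far below the 32-bit maximum. Unless is_saturated() rejects more than the all-ones value (its definition is not part of this patch), that input still reaches the allocation; consider an explicit upper bound on initial sid values here or a sanity limit in write_sids_to_conf(). Both new returns are also silent, and an ERR() naming the sid would help.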
From: =?utf-8?q?Christian_G=C3=B6ttsche?=
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 14/36] libsepol: reject invalid filetrans source type
Date: Fri, 5 Nov 2021 16:45:16 +0100
Message-Id: <20211105154542.38434-15-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Avoid integer underflow on invalid filetrans source types.

policydb.c:2658:47: runtime error: unsigned integer overflow: 0 - 1 cannot be represented in type 'unsigned int'
    #0 0x4cf4cb in policydb_filetrans_insert ./libsepol/src/policydb.c:2658:47
    #1 0x4d221a in filename_trans_read_one_compat ./libsepol/src/policydb.c:2691:7
    #2 0x4d221a in filename_trans_read ./libsepol/src/policydb.c:2842:9
    #3 0x4d1370 in policydb_read ./libsepol/src/policydb.c:4447:7
    #4 0x4b1ee3 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:35:6
    #5 0x43f2f3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #6 0x42ae32 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #7 0x430d5b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #8 0x45a1f2 in main (./out/binpolicy-fuzzer+0x45a1f2)
    #9 0x7f8b8923a7ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #10 0x407aa9 in _start (./out/binpolicy-fuzzer+0x407aa9)

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 1868af5b..ab303ce6 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c
@@ -2683,7 +2683,10 @@ static int filename_trans_read_one_compat(policydb_t *p, struct policy_file *fp) if (rc < 0) goto err; - stype = le32_to_cpu(buf[0]); + stype = le32_to_cpu(buf[0]); + if (stype == 0) + goto err; + ttype = le32_to_cpu(buf[1]); tclass = le32_to_cpu(buf[2]); otype = le32_to_cpu(buf[3]);
From patchwork Fri Nov 5 15:45:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12604989
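Review bot: in filename_trans_read_one_compat only the lower bound of `stype` is checked. The sanitizer trace in the commit message reports `0 - 1` inside policydb_filetrans_insert, so the value is used with an offset further down, and a value above the number of declared types is just as untrusted as 0; unless that is validated elsewhere, the check should bound both ends. `ttype`, `tclass` and `otype` are read from the same buffer on the following lines with no visible check. Separately, the removed and re-added `stype = le32_to_cpu(buf[0]);` lines read identically here, so that part looks like whitespace churn that could be left out of the fix.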
From: =?utf-8?q?Christian_G=C3=B6ttsche?=
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 15/36] libsepol: zero member before potential dereference
Date: Fri, 5 Nov 2021 16:45:17 +0100
Message-Id: <20211105154542.38434-16-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

The `next` member might be checked against NULL and dereferenced before it gets assigned, due to jumps from failure gotos to the cleanup section.

==31017==ERROR: AddressSanitizer: SEGV on unknown address (pc 0x000000579654 bp 0x7ffd3a07d110 sp 0x7ffd3a07d000 T0)
==31017==The signal is caused by a READ memory access.
==31017==Hint: this fault was caused by a dereference of a high value address (see register values below). Disassemble the provided pc to learn which register was used.
    #0 0x579654 in filename_trans_read_one ./libsepol/src/policydb.c:2874:55
    #1 0x579654 in filename_trans_read ./libsepol/src/policydb.c:2902:9
    #2 0x5771b7 in policydb_read ./libsepol/src/policydb.c:4509:7
    #3 0x55a1f5 in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:24:6
    #4 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #5 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #6 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #7 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #8 0x7f2a4e7f97ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #9 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index ab303ce6..c4dc3387 100644
--- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -2780,6 +2780,7 @@ static int filename_trans_read_one(policydb_t *p, struct policy_file *fp) if (!datum) goto err; + datum->next = NULL; *dst = datum; /* ebitmap_read() will at least init the bitmap */ 
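Review bot: `datum->next = NULL;` in filename_trans_read_one initialises only the one member that the cleanup path was seen to trip over. If the allocation above this hunk is a plain malloc, the remaining members are still indeterminate when a later `goto err` runs, and the existing comment vouches for the bitmap alone ("ebitmap_read() will at least init the bitmap"). Allocating with calloc, or zeroing the whole struct at this point, would cover every member at once and would not depend on the order of the reads that follow.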
@@ -2797,7 +2798,6 @@ static int filename_trans_read_one(policydb_t *p, struct policy_file *fp) dst = &datum->next; } - *dst = NULL; if (ndatum > 1 && filename_trans_check_datum(first)) goto err;
From patchwork Fri Nov 5 15:45:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12604991
From: =?utf-8?q?Christian_G=C3=B6ttsche?=
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 16/36] libsepol: use size_t for indexes in strs helpers
Date: Fri, 5 Nov 2021 16:45:18 +0100
Message-Id: <20211105154542.38434-17-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Use size_t, as the strs struct uses it for its size member.
Signed-off-by: Christian Göttsche --- libsepol/src/kernel_to_common.c | 8 ++++---- libsepol/src/kernel_to_common.h | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index 51df8c25..47c02d61 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c @@ -159,7 +159,7 @@ int strs_add(struct strs *strs, char *s) { if (strs->num + 1 > strs->size) { char **new; - unsigned i = strs->size; + size_t i = strs->size; strs->size *= 2; new = reallocarray(strs->list, strs->size, sizeof(char *)); if (!new) { @@ -212,11 +212,11 @@ char *strs_remove_last(struct strs *strs) return strs->list[strs->num]; } -int strs_add_at_index(struct strs *strs, char *s, unsigned index) +int strs_add_at_index(struct strs *strs, char *s, size_t index) { if (index >= strs->size) { char **new; - unsigned i = strs->size; + size_t i = strs->size; while (index >= strs->size) { strs->size *= 2; } @@ -237,7 +237,7 @@ int strs_add_at_index(struct strs *strs, char *s, unsigned index) return 0; } -char *strs_read_at_index(struct strs *strs, unsigned index) +char *strs_read_at_index(struct strs *strs, size_t index) { if (index >= strs->num) { return NULL; diff --git a/libsepol/src/kernel_to_common.h b/libsepol/src/kernel_to_common.h index 8aa483fa..e9932d30 100644 --- a/libsepol/src/kernel_to_common.h +++ b/libsepol/src/kernel_to_common.h 
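Review bot: widening `index` to size_t in strs_add_at_index lets the growth loop `while (index >= strs->size) { strs->size *= 2; }` be entered with values it cannot satisfy. For an index near the top of the size_t range the doubling can wrap to 0, after which the loop never exits and the reallocarray that would report the failure is never reached. An explicit upper bound on `index`, or an overflow check on the doubling, before the loop would close that. In strs_add the same `strs->size *= 2` updates the stored size before reallocarray has succeeded, so it is worth confirming that the `if (!new)` branch restores it.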
@@ -99,8 +99,8 @@ int strs_add(struct strs *strs, char *s); __attribute__ ((format(printf, 2, 4))) int strs_create_and_add(struct strs *strs, const char *fmt, int num, ...); char *strs_remove_last(struct strs *strs); -int strs_add_at_index(struct strs *strs, char *s, unsigned index); -char *strs_read_at_index(struct strs *strs, unsigned index); +int strs_add_at_index(struct strs *strs, char *s, size_t index); +char *strs_read_at_index(struct strs *strs, size_t index); void strs_sort(struct strs *strs); unsigned strs_num_items(struct strs *strs); size_t strs_len_items(struct strs *strs);
From patchwork Fri Nov 5 15:45:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12604993
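Review bot: the kernel_to_common.h prototypes for strs_add_at_index and strs_read_at_index now take size_t, but `unsigned strs_num_items(struct strs *strs);` two lines further down still returns `unsigned`. Callers that loop up to strs_num_items() and pass the counter to strs_read_at_index keep mixing the two widths; changing the return type in the same patch, or saying in the commit message why it stays, would make the conversion complete.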
From: =?utf-8?q?Christian_G=C3=B6ttsche?=
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 17/36] libsepol: do not underflow on short format arguments
Date: Fri, 5 Nov 2021 16:45:19 +0100
Message-Id: <20211105154542.38434-18-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Handle format arguments that do not have a size of at least 2.

kernel_to_common.c:69:20: runtime error: unsigned integer overflow: 1 - 2 cannot be represented in type 'unsigned long'
    #0 0x557b0b in create_str_helper ./libsepol/src/kernel_to_common.c:69:20
    #1 0x5577b8 in create_str ./libsepol/src/kernel_to_common.c:99:8
    #2 0x56448c in cond_expr_to_str ./libsepol/src/kernel_to_conf.c:82:15
    #3 0x56448c in write_cond_nodes_to_conf ./libsepol/src/kernel_to_conf.c:2103:10
    #4 0x55bd9b in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3171:7
    #5 0x4f9d79 in main ./checkpolicy/checkpolicy.c:684:11
    #6 0x7fe2a342b7ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #7 0x41f3a9 in _start (./checkpolicy/checkpolicy+0x41f3a9)

Signed-off-by: Christian Göttsche
---
 libsepol/src/kernel_to_common.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index 47c02d61..152f2816 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c @@ -57,7 +57,7 @@ static char *create_str_helper(const char *fmt, int num, va_list vargs) va_list vargs2; char *str = NULL; char *s; - size_t len; + size_t len, s_len; int i, rc; va_copy(vargs2, vargs);
@@ -66,7 +66,8 @@ static char *create_str_helper(const char *fmt, int num, va_list vargs) for (i=0; i 1 ? s_len - 2 : 0; /* -2 for each %s in fmt */ } str = malloc(len);
From patchwork Fri Nov 5 15:45:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12605005
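Review bot: the trailing comment `/* -2 for each %s in fmt */` in create_str_helper no longer describes the line it sits on, because the new ternary ending in `? s_len - 2 : 0` subtracts nothing for short arguments. The comment should say that the subtraction is clamped at 0 to avoid the unsigned wrap reported in the commit message (`1 - 2`) and that, going by the comment's own accounting, the clamp leaves `len` a byte or two larger than strictly needed, so that nobody later simplifies it back to the unconditional form.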
From: =?utf-8?q?Christian_G=C3=B6ttsche?=
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 18/36] libsepol: do not crash on class gaps
Date: Fri, 5 Nov 2021 16:45:20 +0100
Message-Id: <20211105154542.38434-19-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Handle gaps in the class table while printing a policy configuration.

==21763==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000028 (pc 0x00000055b696 bp 0x7ffe69e8ab50 sp 0x7ffe69e8aa60 T0)
==21763==The signal is caused by a READ memory access.
==21763==Hint: address points to the zero page.
    #0 0x55b696 in constraint_rules_to_strs ./libsepol/src/kernel_to_conf.c:361:14
    #1 0x55ac80 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3063:7
    #2 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
    #3 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #4 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #5 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #6 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #7 0x7fc60d39e7ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #8 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/kernel_to_cil.c | 9 +++++++++
 libsepol/src/kernel_to_conf.c | 10 ++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index 305567a5..bb167647 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c
@@ -358,6 +358,7 @@ static int constraint_rules_to_strs(struct policydb *pdb, struct strs *mls_strs, for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->constraints) { name = pdb->p_class_val_to_name[i]; rc = class_constraint_rules_to_strs(pdb, name, class, class->constraints, mls_strs, non_mls_strs); @@ -383,6 +384,7 @@ static int validatetrans_rules_to_strs(struct policydb *pdb, struct strs *mls_st for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->validatetrans) { name = pdb->p_class_val_to_name[i]; rc = class_validatetrans_rules_to_strs(pdb, name, class->validatetrans, mls_strs, non_mls_strs); @@ -461,6 +463,7 @@ static int write_class_decl_rules_to_cil(FILE *out, struct policydb *pdb) /* class */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; name = pdb->p_class_val_to_name[i]; perms = class_or_common_perms_to_str(&class->permissions); if (perms) { @@ -488,6 +491,7 @@ static int write_class_decl_rules_to_cil(FILE *out, struct policydb *pdb) /* classcommon */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; name = pdb->p_class_val_to_name[i]; if (class->comkey != NULL) { sepol_printf(out, "(classcommon %s %s)\n", name, class->comkey); @@ -503,6 +507,7 @@ static int write_class_decl_rules_to_cil(FILE *out, struct policydb *pdb) } for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; name = class->comkey; if (name != NULL) { common = hashtab_search(pdb->p_commons.table, name); 
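Review bot: `if (!class) continue;` is pasted as the first statement of five separate loops over `pdb->class_val_to_struct[i]` in this stretch of kernel_to_cil.c, and nothing in the file says that the array may hold NULL entries, so the next loop written over it can reintroduce the same NULL dereference. A comment at one central place stating that gaps show up as NULL, or a small helper or iteration macro that skips them, would document the invariant once instead of relying on every loop remembering the guard.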
@@ -727,6 +732,7 @@ static int write_default_rules_to_cil(FILE *out, struct policydb *pdb) /* default_user */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_user != 0) { rc = write_default_user_to_cil(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { @@ -738,6 +744,7 @@ static int write_default_rules_to_cil(FILE *out, struct policydb *pdb) /* default_role */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_role != 0) { rc = write_default_role_to_cil(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { @@ -749,6 +756,7 @@ static int write_default_rules_to_cil(FILE *out, struct policydb *pdb) /* default_type */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_type != 0) { rc = write_default_type_to_cil(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { @@ -764,6 +772,7 @@ static int write_default_rules_to_cil(FILE *out, struct policydb *pdb) /* default_range */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_range) { rc = write_default_range_to_cil(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index eb72e4ac..b2a42606 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c @@ -358,7 +358,7 @@ static int constraint_rules_to_strs(struct policydb *pdb, struct strs *mls_strs, for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; - if (class->constraints) { + if (class && class->constraints) { name = pdb->p_class_val_to_name[i]; rc = class_constraint_rules_to_strs(pdb, name, class, class->constraints, mls_strs, non_mls_strs); if (rc != 0) { 
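Review bot: the kernel_to_conf.c version of constraint_rules_to_strs folds the test into the condition, `if (class && class->constraints) {`, while the kernel_to_cil.c version of the same function earlier in this patch adds a separate `if (!class) continue;`. Both are correct, but the two files are otherwise parallel in these functions; using one form in both keeps them easy to compare side by side.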
@@ -383,7 +383,7 @@ static int validatetrans_rules_to_strs(struct policydb *pdb, struct strs *mls_st for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; - if (class->validatetrans) { + if (class && class->validatetrans) { name = pdb->p_class_val_to_name[i]; rc = class_validatetrans_rules_to_strs(pdb, name, class->validatetrans, mls_strs, non_mls_strs); if (rc != 0) { @@ -551,6 +551,7 @@ static int write_class_and_common_rules_to_conf(FILE *out, struct policydb *pdb) } for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; name = class->comkey; if (!name) continue; common = hashtab_search(pdb->p_commons.table, name); @@ -577,6 +578,7 @@ static int write_class_and_common_rules_to_conf(FILE *out, struct policydb *pdb) /* class */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; name = pdb->p_class_val_to_name[i]; sepol_printf(out, "class %s", name); if (class->comkey) { @@ -702,6 +704,7 @@ static int write_default_rules_to_conf(FILE *out, struct policydb *pdb) /* default_user */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_user != 0) { rc = write_default_user_to_conf(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { @@ -713,6 +716,7 @@ static int write_default_rules_to_conf(FILE *out, struct policydb *pdb) /* default_role */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_role != 0) { rc = write_default_role_to_conf(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { 
@@ -724,6 +728,7 @@ static int write_default_rules_to_conf(FILE *out, struct policydb *pdb) /* default_type */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_type != 0) { rc = write_default_type_to_conf(out, pdb->p_class_val_to_name[i], class); if (rc != 0) { 
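Review bot: skipping a NULL class in the write_default_rules_to_conf loops is silent, so the generated policy.conf gives no hint that the binary policy had a hole in its class table. If gaps are legitimate in a kernel policy, a comment saying so where `class_val_to_struct` is documented would answer the question for the next reader; if they are not, rejecting the policy when it is read would be a better place to handle it than each writer loop.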
@@ -739,6 +744,7 @@ static int write_default_rules_to_conf(FILE *out, struct policydb *pdb) /* default_range */ for (i=0; i < pdb->p_classes.nprim; i++) { class = pdb->class_val_to_struct[i]; + if (!class) continue; if (class->default_range != 0) { rc = write_default_range_to_conf(out, pdb->p_class_val_to_name[i], class); if (rc != 0) {
From patchwork Fri Nov 5 15:45:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12604995
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 19/36] libsepol: do not crash on user gaps
Date: Fri, 5 Nov 2021 16:45:21 +0100
Message-Id: <20211105154542.38434-20-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
X-Mailing-List: selinux@vger.kernel.org

Handle gaps in the user table while printing a policy configuration.

==24424==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004bdc55 bp 0x7ffc8790b810 sp 0x7ffc8790afb0 T0)
==24424==The signal is caused by a READ memory access.
==24424==Hint: address points to the zero page.
    #0 0x4bdc55 in __interceptor_strcmp (./out/binpolicy-fuzzer+0x4bdc55)
    #1 0x5ebdf6 in strs_cmp ./libsepol/src/kernel_to_common.c:253:9
    #2 0x505669 in __interceptor_qsort (./out/binpolicy-fuzzer+0x505669)
    #3 0x5ebd84 in strs_sort ./libsepol/src/kernel_to_common.c:261:2
    #4 0x564550 in write_user_decl_rules_to_conf ./libsepol/src/kernel_to_conf.c:2333:2
    #5 0x55b137 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3190:7
    #6 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
    #7 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #8 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #9 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #10 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #11 0x7f530128d7ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #12 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/kernel_to_cil.c  | 1 +
 libsepol/src/kernel_to_conf.c | 1 +
 2 files changed, 2 insertions(+)
diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index bb167647..d9dc3f73 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c @@ -2392,6 +2392,7 @@ static int write_user_decl_rules_to_cil(FILE *out, struct policydb *pdb) } for (i=0; i < pdb->p_users.nprim; i++) { + if (!pdb->p_user_val_to_name[i]) continue; rc = strs_add(strs, pdb->p_user_val_to_name[i]); if (rc != 0) { goto exit; diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index b2a42606..68dd2d32 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c 
@@ -2324,6 +2324,7 @@ static int write_user_decl_rules_to_conf(FILE *out, struct policydb *pdb) } for (i=0; i < pdb->p_users.nprim; i++) { + if (!pdb->p_user_val_to_name[i]) continue; rc = strs_add(strs, pdb->p_user_val_to_name[i]); if (rc != 0) { goto exit; From patchwork Fri Nov 5 15:45:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12604997 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C111AC433F5 for ; Fri, 5 Nov 2021 15:46:00 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id AAF5161108 for ; Fri, 5 Nov 2021 15:46:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233055AbhKEPsj (ORCPT ); Fri, 5 Nov 2021 11:48:39 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233160AbhKEPsj (ORCPT ); Fri, 5 Nov 2021 11:48:39 -0400 Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5AB4DC061205 for ; Fri, 5 Nov 2021 08:45:59 -0700 (PDT) Received: by mail-ed1-x52c.google.com with SMTP id o8so34462408edc.3 for ; Fri, 05 Nov 2021 08:45:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=pRwjPS0nNNxXSbcL7RPcb7125smJmsfdlpMvx6bncV4=; b=LJdk5G+Szvr5J54lCgE2xZS/MeZNUWm8Bd15dzE80yywQp4GlnyqiOx/eTDQUmIUpy VssyXlxUH+43F6AxVFMsQaEZokPY+/hAXwi33Qh1yBT1giFhvOIg4f2nvyBqGz01q/9C 
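Review bot: The NULL check added to the strs_add() loop in write_user_decl_rules_to_cil() is not covered by the commit message: the AddressSanitizer trace only goes through write_user_decl_rules_to_conf() in kernel_to_conf.c. State in the message that the kernel_to_cil.c loop has the same `strs_add(strs, pdb->p_user_val_to_name[i])` pattern and is fixed by analogy, so a later reader does not look for a second crash report. In both hunks the check and `continue` share a line; splitting them would match the braced `if (rc != 0) {` that follows.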
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 20/36] libsepol: use correct size for initial string list
Date: Fri, 5 Nov 2021 16:45:22 +0100
Message-Id: <20211105154542.38434-21-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
X-Mailing-List: selinux@vger.kernel.org

Use the number of categories not levels, which might be zero, for the string list initial size of categories.

Signed-off-by: Christian Göttsche
---
 libsepol/src/kernel_to_conf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index 68dd2d32..dcdd4252 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c 
@@ -914,7 +914,7 @@ static int write_category_rules_to_conf(FILE *out, struct policydb *pdb) unsigned i, j, num; int rc = 0; - rc = strs_init(&strs, pdb->p_levels.nprim); + rc = strs_init(&strs, pdb->p_cats.nprim); if (rc != 0) { goto exit; } From patchwork Fri Nov 5 15:45:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12604999 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3D32AC433FE for ; Fri, 5 Nov 2021 15:46:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2688761245 for ; Fri, 5 Nov 2021 15:46:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233146AbhKEPsl (ORCPT ); Fri, 5 Nov 2021 11:48:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44832 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233252AbhKEPsk (ORCPT ); Fri, 5 Nov 2021 11:48:40 -0400 Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BD394C061714 for ; Fri, 5 Nov 2021 08:46:00 -0700 (PDT) Received: by mail-ed1-x52c.google.com with SMTP id f4so34276224edx.12 for ; Fri, 05 Nov 2021 08:46:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=TpsQZvP2/3Bt8hzneRPE//fvOIRquXJ1qShM+ktaxq8=; b=FSdJPzzYDtkrDdpjYXRutFoiWrrtpFm3kpXMQuOZB6ylAqoNXyj/t6UTrZmHp6ZKDJ CfNdco0KfsfGvloVXO7l2sjh4Oew1Z7pioC7Bv4exELIge5/FkDKoCZwgL9zsXPcfnWn 
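Review bot: The replacement argument in write_category_rules_to_conf(), `pdb->p_cats.nprim`, can presumably be zero as well (a policy without categories), so this strs_init() call still relies on a size of 0 being accepted. The commit message only names the level count as possibly zero; say whether a zero category count is expected on this path and note that the zero-size case itself is dealt with in strs_init() by 21/36.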
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH v2 21/36] libsepol: do not create a string list with initial size zero Date: Fri, 5 Nov 2021 16:45:23 +0100 Message-Id: <20211105154542.38434-22-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Currently is it implementation defined, due to the size being passed to calloc(3), whether the operations fails nor not. Also strs_add() does not handle a size of zero, cause it just multiplies the size by two. Use a default size of 1 if 0 is passed and swap the calloc arguments for consistency. Signed-off-by: Christian Göttsche --- libsepol/src/kernel_to_common.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index 152f2816..9f5400c9 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c @@ -107,6 +107,10 @@ int strs_init(struct strs **strs, size_t size) { struct strs *new; + if (size == 0) { + size = 1; + } + *strs = NULL; new = malloc(sizeof(struct strs)); 
@@ -115,7 +119,7 @@ int strs_init(struct strs **strs, size_t size) return -1; } - new->list = calloc(sizeof(char *), size); + new->list = calloc(size, sizeof(char *)); if (!new->list) { sepol_log_err("Out of memory"); free(new); From patchwork Fri Nov 5 15:45:24 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12605001 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 95B9DC433F5 for ; Fri, 5 Nov 2021 15:46:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 781D761108 for ; Fri, 5 Nov 2021 15:46:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233252AbhKEPsl (ORCPT ); Fri, 5 Nov 2021 11:48:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44838 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233160AbhKEPsl (ORCPT ); Fri, 5 Nov 2021 11:48:41 -0400 Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4EA5AC06120A for ; Fri, 5 Nov 2021 08:46:01 -0700 (PDT) Received: by mail-ed1-x535.google.com with SMTP id m14so33819447edd.0 for ; Fri, 05 Nov 2021 08:46:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=T4zoCLSNn+UWbrdzmPSjDWsR005sBygbIz7VlCCB5B8=; b=c1ki+bE2CMkS/q7u1zjC8j7abeF2GrfNtMn9G7bzPM14YjJ2S8ZtEDp5gthrxx6H98 hh78gHsZo2PlRxtNbo7O7rUJguyzzgHGuxyOb5icQabowm11Xf+M0DOKv0YExjk4Zkjs qf36TedJJRO+rXlIkQ5ircrozZIGyXky2OBgvYql9E9uSUCvqUItuT5pAdLX1r3h1JH8 
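Review bot: The `if (size == 0) { size = 1; }` fallback at the top of strs_init() carries no comment, and its reason is only in the commit message: strs_add() grows the list by multiplying the size by two, which never leaves 0. Put that in a one-line comment above the check so the fallback is not removed later as dead code. The calloc() argument swap in the second hunk is cosmetic and unrelated to the zero-size fix; it would be easier to review and bisect as a separate patch.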
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH v2 22/36] libsepol: split validation of datum array gaps and entries Date: Fri, 5 Nov 2021 16:45:24 +0100 Message-Id: <20211105154542.38434-23-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Split the validation of array datums regarding their gaps and entries to simplify further checking of common classes, booleans, levels and categories. Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 112 ++++++++++++++++++++----------- 1 file changed, 73 insertions(+), 39 deletions(-) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 5804d247..d4dfab5c 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -6,11 +6,19 @@ #include "debug.h" #include "policydb_validate.h" +#define bool_xor(a, b) (!(a) != !(b)) +#define bool_xnor(a, b) !bool_xor(a, b) + typedef struct validate { uint32_t nprim; ebitmap_t gaps; } validate_t; +typedef struct map_arg { + validate_t *flavors; + sepol_handle_t *handle; + int mls; +} map_arg_t; static int create_gap_ebitmap(char **val_to_name, uint32_t nprim, ebitmap_t *gaps) { @@ -211,6 +219,13 @@ bad: return -1; } +static int validate_class_datum_wrapper(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args) +{ + map_arg_t *margs = args; + + return validate_class_datum(margs->handle, d, margs->flavors); +} + static int validate_role_datum(sepol_handle_t *handle, role_datum_t *role, validate_t flavors[]) { if (validate_value(role->s.value, &flavors[SYM_ROLES])) 
@@ -231,6 +246,13 @@ bad: return -1; } +static int validate_role_datum_wrapper(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args) +{ + map_arg_t *margs = args; + + return validate_role_datum(margs->handle, d, margs->flavors); +} + static int validate_type_datum(sepol_handle_t *handle, type_datum_t *type, validate_t flavors[]) { if (validate_value(type->s.value, &flavors[SYM_TYPES])) @@ -247,6 +269,13 @@ bad: return -1; } +static int validate_type_datum_wrapper(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args) +{ + map_arg_t *margs = args; + + return validate_type_datum(margs->handle, d, margs->flavors); +} + static int validate_mls_semantic_cat(mls_semantic_cat_t *cat, validate_t *cats) { for (; cat; cat = cat->next) { 
@@ -310,32 +339,25 @@ bad: return -1; } -static int validate_datum_arrays(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) +static int validate_user_datum_wrapper(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args) +{ + map_arg_t *margs = args; + + return validate_user_datum(margs->handle, d, margs->flavors); +} + +static int validate_datum_array_gaps(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) { unsigned int i; for (i = 0; i < p->p_classes.nprim; i++) { - if (p->class_val_to_struct[i]) { - if (ebitmap_get_bit(&flavors[SYM_CLASSES].gaps, i)) - goto bad; - if (validate_class_datum(handle, p->class_val_to_struct[i], flavors)) - goto bad; - } else { - if (!ebitmap_get_bit(&flavors[SYM_CLASSES].gaps, i)) - goto bad; - } + if (bool_xnor(p->class_val_to_struct[i], ebitmap_get_bit(&flavors[SYM_CLASSES].gaps, i))) + goto bad; } for (i = 0; i < p->p_roles.nprim; i++) { - if (p->role_val_to_struct[i]) { - if (ebitmap_get_bit(&flavors[SYM_ROLES].gaps, i)) - goto bad; - if (validate_role_datum(handle, p->role_val_to_struct[i], flavors)) - goto bad; - } else { - if (!ebitmap_get_bit(&flavors[SYM_ROLES].gaps, i)) - goto bad; - } + if (bool_xnor(p->role_val_to_struct[i], ebitmap_get_bit(&flavors[SYM_ROLES].gaps, i))) + goto bad; } /* 
@@ -344,34 +366,43 @@ static int validate_datum_arrays(sepol_handle_t *handle, policydb_t *p, validate */ if (p->policyvers < POLICYDB_VERSION_AVTAB || p->policyvers > POLICYDB_VERSION_PERMISSIVE) { for (i = 0; i < p->p_types.nprim; i++) { - if (p->type_val_to_struct[i]) { - if (ebitmap_get_bit(&flavors[SYM_TYPES].gaps, i)) - goto bad; - if (validate_type_datum(handle, p->type_val_to_struct[i], flavors)) - goto bad; - } else { - if (!ebitmap_get_bit(&flavors[SYM_TYPES].gaps, i)) - goto bad; - } + if (bool_xnor(p->type_val_to_struct[i], ebitmap_get_bit(&flavors[SYM_TYPES].gaps, i))) + goto bad; } } for (i = 0; i < p->p_users.nprim; i++) { - if (p->user_val_to_struct[i]) { - if (ebitmap_get_bit(&flavors[SYM_USERS].gaps, i)) - goto bad; - if (validate_user_datum(handle, p->user_val_to_struct[i], flavors)) - goto bad; - } else { - if (!ebitmap_get_bit(&flavors[SYM_USERS].gaps, i)) - goto bad; - } + if (bool_xnor(p->user_val_to_struct[i], ebitmap_get_bit(&flavors[SYM_USERS].gaps, i))) + goto bad; } return 0; bad: - ERR(handle, "Invalid datum arrays"); + ERR(handle, "Invalid datum array gaps"); + return -1; +} + +static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) +{ + map_arg_t margs = { flavors, handle, p->mls }; + + if (hashtab_map(p->p_classes.table, validate_class_datum_wrapper, &margs)) + goto bad; + + if (hashtab_map(p->p_roles.table, validate_role_datum_wrapper, &margs)) + goto bad; + + if (hashtab_map(p->p_types.table, validate_type_datum_wrapper, &margs)) + goto bad; + + if (hashtab_map(p->p_users.table, validate_user_datum_wrapper, &margs)) + goto bad; + + return 0; + +bad: + ERR(handle, "Invalid datum array entries"); return -1; } 
@@ -762,7 +793,10 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) if (validate_scopes(handle, p->scope, p->global)) goto bad; - if (validate_datum_arrays(handle, p, flavors)) + if (validate_datum_array_gaps(handle, p, flavors)) + goto bad; + + if (validate_datum_array_entries(handle, p, flavors)) goto bad; validate_array_destroy(flavors); From patchwork Fri Nov 5 15:45:25 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12605003 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AEE21C433EF for ; Fri, 5 Nov 2021 15:46:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9771D61245 for ; Fri, 5 Nov 2021 15:46:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233160AbhKEPsm (ORCPT ); Fri, 5 Nov 2021 11:48:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44836 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233267AbhKEPsl (ORCPT ); Fri, 5 Nov 2021 11:48:41 -0400 Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 49155C061205 for ; Fri, 5 Nov 2021 08:46:01 -0700 (PDT) Received: by mail-ed1-x532.google.com with SMTP id f4so34276502edx.12 for ; Fri, 05 Nov 2021 08:46:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=yHys3UiPKnhYsikWE9Oxx2ureNYyUBVxBSmN52aKrY0=; b=q4ySG158+j1ZbER37u0JISnjewSQqEqsTdnTmMRuoa7O9+WUyYYtl37fC4CH3OMX8I 
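Review bot: validate_datum_array_entries() calls hashtab_map() on p->p_types.table unconditionally, whereas the removed code only reached validate_type_datum() inside the `p->policyvers < POLICYDB_VERSION_AVTAB || p->policyvers > POLICYDB_VERSION_PERMISSIVE` branch. That changes behaviour for the policy versions the branch excludes, and the entries are now reached through the symbol hashtabs instead of the *_val_to_struct arrays; the commit message describes the patch as a pure split and mentions neither. Keep the version condition around the types call, or explain in the message why type datums can be validated for every version.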
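Review bot: `#define bool_xnor(a, b) !bool_xor(a, b)` in the first hunk leaves its expansion unparenthesized, unlike bool_xor directly above it; write it as `(!bool_xor(a, b))` to follow the usual macro convention. In the same hunk map_arg_t gains an `mls` member that nothing in this patch reads: it is only initialised from p->mls in validate_datum_array_entries(). Add the member in the patch that first uses it.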
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 23/36] libsepol: validate MLS levels
Date: Fri, 5 Nov 2021 16:45:25 +0100
Message-Id: <20211105154542.38434-24-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
X-Mailing-List: selinux@vger.kernel.org

Validate the level map of the policy to ensure no level refers to a non-existent category.

READ of size 8 at 0x602000000c58 thread T0
    #0 0x568d2c in cats_ebitmap_len ./libsepol/src/kernel_to_conf.c:1003:14
    #1 0x568d2c in cats_ebitmap_to_str ./libsepol/src/kernel_to_conf.c:1038:19
    #2 0x55e371 in write_level_rules_to_conf ./libsepol/src/kernel_to_conf.c:1106:11
    #3 0x55e371 in write_mls_rules_to_conf ./libsepol/src/kernel_to_conf.c:1140:7
    #4 0x55adb1 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3103:7
    #5 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
    #6 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #7 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #8 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #9 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #10 0x7f741d0d67ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #11 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index d4dfab5c..03ab4445 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c 
@@ -319,6 +319,27 @@ bad: return -1; } +static int validate_mls_level(mls_level_t *level, validate_t *sens, validate_t *cats) +{ + if (validate_value(level->sens, sens)) + goto bad; + if (validate_ebitmap(&level->cat, cats)) + goto bad; + + return 0; + + bad: + return -1; +} + +static int validate_level_datum(__attribute__ ((unused)) hashtab_key_t k, hashtab_datum_t d, void *args) +{ + level_datum_t *level = d; + validate_t *flavors = args; + + return validate_mls_level(level->level, &flavors[SYM_LEVELS], &flavors[SYM_CATS]); +} + static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[]) { if (validate_value(user->s.value, &flavors[SYM_USERS])) 
@@ -399,6 +420,9 @@ static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, v if (hashtab_map(p->p_users.table, validate_user_datum_wrapper, &margs)) goto bad; + if (p->mls && hashtab_map(p->p_levels.table, validate_level_datum, flavors)) + goto bad; + return 0; bad: From patchwork Fri Nov 5 15:45:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12605009 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 507E3C433FE for ; Fri, 5 Nov 2021 15:46:11 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4012F61108 for ; Fri, 5 Nov 2021 15:46:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233409AbhKEPst (ORCPT ); Fri, 5 Nov 2021 11:48:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44856 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233436AbhKEPsn (ORCPT ); Fri, 5 Nov 2021 11:48:43 -0400 Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C1DFC06120A for ; Fri, 5 Nov 2021 08:46:03 -0700 (PDT) Received: by mail-ed1-x52e.google.com with SMTP id ee33so34759053edb.8 for ; Fri, 05 Nov 2021 08:46:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=/QgjYSu1JvpgUvCJeefqojarJQO7cv7F5h+TErWmEHI=; b=cJnDpoMPfZA2p7S7/v0M1GfVByNfzxATqrf0GoZEq+/E9D7vdmVLoPmrRI4yVV23ZX rXRmYZEOztxYFhLQKcZWXhqO+1AUtjP5Lv1sjqtlqJEU/QNyqibUc8KpXk0ytSmqKQMN 
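Review bot: validate_level_datum() takes the bare flavors array as its hashtab_map() argument, while the other callbacks in this file (the validate_*_datum_wrapper functions) receive a map_arg_t; in validate_datum_array_entries() this shows up as `flavors` passed where the neighbouring calls pass `&margs`. Use map_arg_t here as well so all callbacks share one convention and the handle is available for an error message. In validate_mls_level() the label is written ` bad:` with a leading space, unlike the `bad:` labels elsewhere in the file, and since nothing is cleaned up both checks could simply return -1.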
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 24/36] libsepol: validate expanded user range and level
Date: Fri, 5 Nov 2021 16:45:26 +0100
Message-Id: <20211105154542.38434-25-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
X-Mailing-List: selinux@vger.kernel.org

Check those contain valid values.

==57532==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x603000001178 at pc 0x000000564c04 bp 0x7ffed7a5ad90 sp 0x7ffed7a5ad88
READ of size 8 at 0x603000001178 thread T0
    #0 0x564c03 in level_to_str ./libsepol/src/kernel_to_conf.c:1901:19
    #1 0x564c03 in range_to_str ./libsepol/src/kernel_to_conf.c:1926:9
    #2 0x564c03 in write_user_decl_rules_to_conf ./libsepol/src/kernel_to_conf.c:2367:12
    #3 0x55b137 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3184:7
    #4 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
    #5 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #6 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #7 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #8 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #9 0x7f2c2e1a77ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #10 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 03ab4445..adaa3fb2 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c 
@@ -340,7 +340,20 @@ static int validate_level_datum(__attribute__ ((unused)) hashtab_key_t k, hashta return validate_mls_level(level->level, &flavors[SYM_LEVELS], &flavors[SYM_CATS]); } -static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[]) +static int validate_mls_range(mls_range_t *range, validate_t *sens, validate_t *cats) +{ + if (validate_mls_level(&range->level[0], sens, cats)) + goto bad; + if (validate_mls_level(&range->level[1], sens, cats)) + goto bad; + + return 0; + + bad: + return -1; +} + +static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], int mls) { if (validate_value(user->s.value, &flavors[SYM_USERS])) goto bad; @@ -350,6 +363,10 @@ static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, valid goto bad; if (validate_mls_semantic_level(&user->dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS])) goto bad; + if (mls && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS])) + goto bad; + if (mls && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS])) + goto bad; if (user->bounds && validate_value(user->bounds, &flavors[SYM_USERS])) goto bad; 
@@ -364,7 +381,7 @@ static int validate_user_datum_wrapper(__attribute__((unused)) hashtab_key_t k, { map_arg_t *margs = args; - return validate_user_datum(margs->handle, d, margs->flavors); + return validate_user_datum(margs->handle, d, margs->flavors, margs->mls); } static int validate_datum_array_gaps(sepol_handle_t *handle, policydb_t *p, validate_t flavors[])
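Review bot: validate_mls_range, added in the first hunk, validates level[0] and level[1] separately but never compares them, so a range whose low level does not sit at or below its high level is still accepted. If the code that later formats exp_range assumes an ordered range, add that comparison here; otherwise a one-line comment saying ordering is out of scope for this helper would help. The goto to a label that only does "return -1" adds nothing because no error is logged there, and that label is indented where the bad: labels elsewhere in this series start at column 0.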
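Review bot: in the validate_user_datum hunk the new exp_range and exp_dfltlevel checks run only when mls is set, while the existing validate_mls_semantic_level call on dfltlevel just above runs unconditionally. The reported overflow is reached through write_user_decl_rules_to_conf, and nothing in the patch shows that this path is skipped for non-MLS policies. Say in a comment or in the commit message why the expanded fields are only meaningful with MLS, so the asymmetry does not read as an oversight.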
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 25/36] libsepol: validate permission count of classes
Date: Fri, 5 Nov 2021 16:45:27 +0100
Message-Id: <20211105154542.38434-26-cgzones@googlemail.com>

Check a common class or a class together with its common class parent does not have more than the supported 32 permissions.

==28413==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f74ec3341a3 bp 0x7ffd0b7e5030 sp 0x7ffd0b7e47e8 T0)
==28413==The signal is caused by a READ memory access.
==28413==Hint: address points to the zero page.
    #0 0x7f74ec3341a3 string/../sysdeps/x86_64/multiarch/../strchr.S:32
    #1 0x4bfc78 in strchr (./out/binpolicy-fuzzer+0x4bfc78)
    #2 0x55b7f2 in class_constraint_rules_to_strs ./libsepol/src/kernel_to_conf.c:288:7
    #3 0x55b7f2 in constraint_rules_to_strs ./libsepol/src/kernel_to_conf.c:364:9
    #4 0x55ac80 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3071:7
    #5 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
    #6 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #7 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #8 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #9 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #10 0x7f74ec2be7ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #11 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
v2: also check common classes
---
 libsepol/src/policydb_validate.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index adaa3fb2..e8d70585 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -211,6 +211,8 @@ static int validate_class_datum(sepol_handle_t *handle, class_datum_t *class, va goto bad; if (validate_constraint_nodes(handle, class->validatetrans, flavors)) goto bad; + if (class->permissions.nprim > PERM_SYMTAB_SIZE) + goto bad; return 0; @@ -226,6 +228,25 @@ static int validate_class_datum_wrapper(__attribute__((unused)) hashtab_key_t k, return validate_class_datum(margs->handle, d, margs->flavors); } +static int validate_common_datum(sepol_handle_t *handle, common_datum_t *common) +{ + if (common->permissions.nprim > PERM_SYMTAB_SIZE) + goto bad; + + return 0; + +bad: + ERR(handle, "Invalid common class datum"); + return -1; +} + +static int validate_common_datum_wrapper(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args) +{ + map_arg_t *margs = args; + + return validate_common_datum(margs->handle, d); +} + static int validate_role_datum(sepol_handle_t *handle, role_datum_t *role, validate_t flavors[]) { if (validate_value(role->s.value, &flavors[SYM_ROLES])) 
@@ -425,6 +446,9 @@ static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, v { map_arg_t margs = { flavors, handle, p->mls }; + if (hashtab_map(p->p_commons.table, validate_common_datum_wrapper, &margs)) + goto bad; + if (hashtab_map(p->p_classes.table, validate_class_datum_wrapper, &margs)) goto bad;
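Review bot: the commit message promises a check on a class together with its common class parent, but the line added to validate_class_datum compares only class->permissions.nprim against PERM_SYMTAB_SIZE and never looks at the parent common. If nprim already counts the inherited permissions, say so in a comment next to the check; if it does not, the common's count has to be added before the comparison. The message also states the limit as 32 while the code uses PERM_SYMTAB_SIZE, so a note tying the two together would keep them from drifting apart.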
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 26/36] libsepol: resolve log message mismatch
Date: Fri, 5 Nov 2021 16:45:28 +0100
Message-Id: <20211105154542.38434-27-cgzones@googlemail.com>

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index e8d70585..82193379 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c
@@ -263,7 +263,7 @@ static int validate_role_datum(sepol_handle_t *handle, role_datum_t *role, valid return 0; bad: - ERR(handle, "Invalid class datum"); + ERR(handle, "Invalid role datum"); return -1; }
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 27/36] libsepol: validate avtab and avrule types
Date: Fri, 5 Nov 2021 16:45:29 +0100
Message-Id: <20211105154542.38434-28-cgzones@googlemail.com>

Check for invalid avtab or avrule types.

Signed-off-by: Christian Göttsche --- v2: also check avrule types --- libsepol/src/policydb_validate.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 82193379..5ef95c61 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -483,6 +483,20 @@ static int validate_avtab_key(avtab_key_t *key, validate_t flavors[]) goto bad; if (validate_value(key->target_class, &flavors[SYM_CLASSES])) goto bad; + switch (0xFFF & key->specified) { + case AVTAB_ALLOWED: + case AVTAB_AUDITALLOW: + case AVTAB_AUDITDENY: + case AVTAB_XPERMS_ALLOWED: + case AVTAB_XPERMS_AUDITALLOW: + case AVTAB_XPERMS_DONTAUDIT: + case AVTAB_TRANSITION: + case AVTAB_MEMBER: + case AVTAB_CHANGE: + break; + default: + goto bad; + } return 0; 
@@ -536,6 +550,23 @@ static int validate_avrules(sepol_handle_t *handle, avrule_t *avrule, validate_t if (validate_value(class->tclass, &flavors[SYM_CLASSES])) goto bad; } + switch(avrule->specified) { + case AVRULE_ALLOWED: + case AVRULE_AUDITALLOW: + case AVRULE_AUDITDENY: + case AVRULE_DONTAUDIT: + case AVRULE_NEVERALLOW: + case AVRULE_TRANSITION: + case AVRULE_MEMBER: + case AVRULE_CHANGE: + case AVRULE_XPERMS_ALLOWED: + case AVRULE_XPERMS_AUDITALLOW: + case AVRULE_XPERMS_DONTAUDIT: + case AVRULE_XPERMS_NEVERALLOW: + break; + default: + goto bad; + } } return 0;
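Review bot: the switch on (0xFFF & key->specified) in validate_avtab_key uses an unexplained literal mask, and every bit above the low twelve is discarded before the switch, so a key carrying unknown high bits still validates. Replace the literal with a named constant, or clear only the flag bits that are legitimately allowed, and add a comment saying which bits are ignored on purpose. The avrule hunk switches on avrule->specified with no mask at all, which is worth a word of explanation given the difference, and its "switch(" is missing the space used in the avtab hunk.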
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 28/36] libsepol: validate constraint expression operators and attributes
Date: Fri, 5 Nov 2021 16:45:30 +0100
Message-Id: <20211105154542.38434-29-cgzones@googlemail.com>

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 43 ++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 5ef95c61..25c6f0db 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c
@@ -193,6 +193,49 @@ static int validate_constraint_nodes(sepol_handle_t *handle, constraint_node_t * if (validate_type_set(cexp->type_names, &flavors[SYM_TYPES])) goto bad; } + + if (cexp->expr_type == CEXPR_ATTR || cexp->expr_type == CEXPR_NAMES) { + switch (cexp->op) { + case CEXPR_EQ: + case CEXPR_NEQ: + case CEXPR_DOM: + case CEXPR_DOMBY: + case CEXPR_INCOMP: + break; + default: + goto bad; + } + + switch (cexp->attr) { + case CEXPR_USER: + case CEXPR_USER | CEXPR_TARGET: + case CEXPR_USER | CEXPR_XTARGET: + case CEXPR_ROLE: + case CEXPR_ROLE | CEXPR_TARGET: + case CEXPR_ROLE | CEXPR_XTARGET: + case CEXPR_TYPE: + case CEXPR_TYPE | CEXPR_TARGET: + case CEXPR_TYPE | CEXPR_XTARGET: + case CEXPR_L1L2: + case CEXPR_L1H2: + case CEXPR_H1L2: + case CEXPR_H1H2: + case CEXPR_L1H1: + case CEXPR_L2H2: + break; + default: + goto bad; + } + } else { + switch (cexp->expr_type) { + case CEXPR_NOT: + case CEXPR_AND: + case CEXPR_OR: + break; + default: + goto bad; + } + } } }
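Review bot: op and attr are validated independently in validate_constraint_nodes, and the same attr list is accepted for both CEXPR_ATTR and CEXPR_NAMES, so any listed operator paired with any listed attribute passes, for example CEXPR_NAMES with CEXPR_L1L2 or CEXPR_DOM with CEXPR_USER. If the code that evaluates or prints constraints handles only a subset of these pairs, validate the pair rather than each field on its own. The commit message has no body; a sentence on what the unchecked values broke, or that this is hardening without a known crash, would help reviewers.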
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 29/36] libsepol: validate type of avtab type rules
Date: Fri, 5 Nov 2021 16:45:31 +0100
Message-Id: <20211105154542.38434-30-cgzones@googlemail.com>

==80903==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000005c0 at pc 0x0000005696c8 bp 0x7ffdb11ea560 sp 0x7ffdb11ea558
READ of size 8 at 0x6020000005c0 thread T0
    #0 0x5696c7 in avtab_node_to_str ./libsepol/src/kernel_to_conf.c:1736:9
    #1 0x569013 in map_avtab_write_helper ./libsepol/src/kernel_to_conf.c:1767:10
    #2 0x5ab837 in avtab_map ./libsepol/src/avtab.c:347:10
    #3 0x561f9a in write_avtab_flavor_to_conf ./libsepol/src/kernel_to_conf.c:1798:7
    #4 0x561f9a in write_avtab_to_conf ./libsepol/src/kernel_to_conf.c:1819:8
    #5 0x55afba in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3159:7
    #6 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
    #7 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #8 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #9 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #10 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #11 0x7f97a83fd7ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #12 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 25c6f0db..57eb2550 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c
@@ -547,15 +547,22 @@ bad: return -1; } -static int validate_avtab_key_wrapper(avtab_key_t *k, __attribute__ ((unused)) avtab_datum_t *d, void *args) +static int validate_avtab_key_and_datum(avtab_key_t *k, avtab_datum_t *d, void *args) { validate_t *flavors = (validate_t *)args; - return validate_avtab_key(k, flavors); + + if (validate_avtab_key(k, flavors)) + return -1; + + if ((k->specified & AVTAB_TYPE) && validate_value(d->data, &flavors[SYM_TYPES])) + return -1; + + return 0; } static int validate_avtab(sepol_handle_t *handle, avtab_t *avtab, validate_t flavors[]) { - if (avtab_map(avtab, validate_avtab_key_wrapper, flavors)) { + if (avtab_map(avtab, validate_avtab_key_and_datum, flavors)) { ERR(handle, "Invalid avtab"); return -1; }
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 30/36] libsepol: validate ocontexts
Date: Fri, 5 Nov 2021 16:45:32 +0100
Message-Id: <20211105154542.38434-31-cgzones@googlemail.com>

Check the literal contexts in ocontext statements are defined.

==91274==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f60b0afe8c6 bp 0x7ffd42edc990 sp 0x7ffd42edc148 T0)
==91274==The signal is caused by a READ memory access.
==91274==Hint: address points to the zero page.
    #0 0x7f60b0afe8c6 string/../sysdeps/x86_64/multiarch/../strlen.S:120
    #1 0x4bd128 in __interceptor_strlen (./out/binpolicy-fuzzer+0x4bd128)
    #2 0x5eb387 in create_str_helper ./libsepol/src/kernel_to_common.c:69:10
    #3 0x5eb11e in create_str ./libsepol/src/kernel_to_common.c:99:8
    #4 0x56ad7b in context_to_str ./libsepol/src/kernel_to_conf.c:2408:9
    #5 0x56a717 in write_sid_context_rules_to_conf ./libsepol/src/kernel_to_conf.c:2441:9
    #6 0x55b26c in write_selinux_isid_rules_to_conf ./libsepol/src/kernel_to_conf.c:2476:9
    #7 0x55b26c in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3206:8
    #8 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:38:9
    #9 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #10 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #11 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #12 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #13 0x7f60b0a887ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #14 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche --- v2: also check in base modules Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 44 ++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 57eb2550..96f133c9 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -736,6 +736,47 @@ static int validate_filename_trans_hashtab(sepol_handle_t *handle, hashtab_t fil return 0; } +static int validate_context(context_struct_t *con, validate_t flavors[], int mls) +{ + if (validate_value(con->user, &flavors[SYM_USERS])) + return -1; + if (validate_value(con->role, &flavors[SYM_ROLES])) + return -1; + if (validate_value(con->type, &flavors[SYM_TYPES])) + return -1; + if (mls && validate_mls_range(&con->range, &flavors[SYM_LEVELS], &flavors[SYM_CATS])) + return -1; + + return 0; +} + +static int validate_ocontexts(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) +{ + ocontext_t *octx; + unsigned int i; + + for (i = 0; i < OCON_NUM; i++) { + for (octx = p->ocontexts[i]; octx; octx = octx->next) { + if (validate_context(&octx->context[0], flavors, p->mls)) + goto bad; + + switch (i) { + case OCON_FS: + case OCON_NETIF: + if (validate_context(&octx->context[1], flavors, p->mls)) + goto bad; + break; + } + } + } + + return 0; + +bad: + ERR(handle, "Invalid ocontext"); + return -1; +} + /* * Functions to validate a module policydb */ 
@@ -936,6 +977,9 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) goto bad; } + if (validate_ocontexts(handle, p, flavors)) + goto bad; + if (validate_scopes(handle, p->scope, p->global)) goto bad; From patchwork Fri Nov 5 15:45:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12605021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91D69C43217 for ; Fri, 5 Nov 2021 15:46:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7BA5D61108 for ; Fri, 5 Nov 2021 15:46:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231833AbhKEPsy (ORCPT ); Fri, 5 Nov 2021 11:48:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44888 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233357AbhKEPsr (ORCPT ); Fri, 5 Nov 2021 11:48:47 -0400 Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E633BC061210 for ; Fri, 5 Nov 2021 08:46:06 -0700 (PDT) Received: by mail-ed1-x536.google.com with SMTP id g14so34006805edz.2 for ; Fri, 05 Nov 2021 08:46:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Qvzdy3z/bjxmFj9R7taifjioJvbGerT5kfjGLfP21v0=; b=gijWSWLFpl+PuVwe9KzcO1ggUYr0rtA3bVAjmtEafDH7vWohNOMD/o7w6+YmH5HwEP Vhwx8iS7EMJHZV03mGOshfBKTdyg7gx47mxOoOEyA6dgqhlvQBQlAMrqVJjY5MphICMM 1r6GGj4HgJkgkjc5+rxP8sXwR8hCXoR5PCL4+BWZsXNQgN20+RF49AvbSbnrFuuZYxfj 
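Review bot: In validate_ocontexts() (patch 30/36, first hunk) the inner switch (i) decides from the list index alone that only OCON_FS and OCON_NETIF carry a second context, without looking at p->target_platform and without a default: case. If the OCON_* indices are reused with a different meaning on another target platform, context[1] would be validated for entries that do not have one, or skipped for entries that do. Please either gate the switch on the platform or add a comment stating why the index is sufficient, and add "default: break;" so the single-context case is explicit.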
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 31/36] libsepol: validate genfs contexts
Date: Fri, 5 Nov 2021 16:45:33 +0100
Message-Id: <20211105154542.38434-32-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Check the literal contexts in a genfs statement are defined.

Signed-off-by: Christian Göttsche --- v2: also check in base modules --- libsepol/src/policydb_validate.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 96f133c9..5cec143f 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -777,6 +777,25 @@ bad: return -1; } +static int validate_genfs(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) +{ + genfs_t *genfs; + ocontext_t *octx; + + for (genfs = p->genfs; genfs; genfs = genfs->next) { + for (octx = genfs->head; octx; octx = octx->next) { + if (validate_context(&octx->context[0], flavors, p->mls)) + goto bad; + } + } + + return 0; + +bad: + ERR(handle, "Invalid genfs"); + return -1; +} + /* * Functions to validate a module policydb */ 
@@ -980,6 +999,9 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) if (validate_ocontexts(handle, p, flavors)) goto bad; + if (validate_genfs(handle, p, flavors)) + goto bad; + if (validate_scopes(handle, p->scope, p->global)) goto bad; From patchwork Fri Nov 5 15:45:34 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12605023 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DC1F5C43219 for ; Fri, 5 Nov 2021 15:46:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C7E7561108 for ; Fri, 5 Nov 2021 15:46:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232890AbhKEPsy (ORCPT ); Fri, 5 Nov 2021 11:48:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44894 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231701AbhKEPss (ORCPT ); Fri, 5 Nov 2021 11:48:48 -0400 Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A4B9C061205 for ; Fri, 5 Nov 2021 08:46:07 -0700 (PDT) Received: by mail-ed1-x52c.google.com with SMTP id c8so17815250ede.13 for ; Fri, 05 Nov 2021 08:46:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=2YWtbflnxQp3ilDmPryEy4at+biC5YAKzIeHSD6+JUo=; b=JXT3iCsqfJumYhTDHjYFUPk3QtVcmmcbRCVTh32EPeageWianc0nI6RNjrTQ/cOFv2 f7VOxRRhyeT0GATCm2t4/d/7HCDomsXsPRiOOJoNnb6itmANAgXTCfrUhlPjWSFmkNZS 
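Review bot: validate_genfs() (patch 31/36, first hunk) jumps to bad with the fixed string "Invalid genfs" for any failing entry, so a rejected policy does not tell the user which genfs list or which entry held the undefined user, role, type or range. The loop still has genfs and octx in hand at the goto, so consider reporting which entry failed (for example its position in the list) before returning -1; the same holds for "Invalid ocontext" in the previous patch.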
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 32/36] libsepol: validate permissive types
Date: Fri, 5 Nov 2021 16:45:34 +0100
Message-Id: <20211105154542.38434-33-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 5cec143f..ffa21ee1 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -959,6 +959,23 @@ bad: return -1; } +static int validate_permissives(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) +{ + ebitmap_node_t *node; + unsigned i; + + ebitmap_for_each_positive_bit(&p->permissive_map, node, i) { + if (validate_value(i, &flavors[SYM_TYPES])) + goto bad; + } + + return 0; + +bad: + ERR(handle, "Invalid permissive type"); + return -1; +} + static void validate_array_destroy(validate_t flavors[]) { unsigned int i; 
@@ -1011,6 +1028,9 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) if (validate_datum_array_entries(handle, p, flavors)) goto bad; + if (validate_permissives(handle, p, flavors)) + goto bad; + validate_array_destroy(flavors); return 0; From patchwork Fri Nov 5 15:45:35 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12605029 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C1070C4332F for ; Fri, 5 Nov 2021 15:46:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id ADA7461183 for ; Fri, 5 Nov 2021 15:46:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232665AbhKEPsz (ORCPT ); Fri, 5 Nov 2021 11:48:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44898 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233527AbhKEPss (ORCPT ); Fri, 5 Nov 2021 11:48:48 -0400 Received: from mail-ed1-x535.google.com (mail-ed1-x535.google.com [IPv6:2a00:1450:4864:20::535]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 09453C061226 for ; Fri, 5 Nov 2021 08:46:08 -0700 (PDT) Received: by mail-ed1-x535.google.com with SMTP id j21so34371964edt.11 for ; Fri, 05 Nov 2021 08:46:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=zSLcHCxAMmGMuhGNCJuJBcZvjfA97yIE1RNGGNKjbpM=; b=e/YDhF2IJmjWafXwbrmJWXCT/CGgsACX/wJ4jBFEUXoHcZ8Q9kvK0LhQ2LBdSd+ROe 3hl7bKuPJMd+JVBTBfjTybwieQyQoJZmNgTT+N8Q3C3YKfJk6ibWxDt+SCCaqS7ceMVM 
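Review bot: In validate_permissives() (patch 32/36, first hunk) the bit position i from ebitmap_for_each_positive_bit() is passed unchanged to validate_value(i, &flavors[SYM_TYPES]), which is only right if permissive_map is indexed by type value and not by value - 1. Please add a one-line comment saying so (or adjust the argument), since an off-by-one here would either reject a valid policy or let one out-of-range bit through. Two smaller points: the counter is declared "unsigned i;" while the neighbouring validate_array_destroy() uses "unsigned int i;", and the commit has no description beyond its subject.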
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 33/36] libsepol: validate policy properties
Date: Fri, 5 Nov 2021 16:45:35 +0100
Message-Id: <20211105154542.38434-34-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 51 ++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index ffa21ee1..27f25132 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -976,6 +976,54 @@ bad: return -1; } +static int validate_properties(sepol_handle_t *handle, policydb_t *p) +{ + switch (p->policy_type) { + case POLICY_KERN: + if (p->policyvers < POLICYDB_VERSION_MIN || p->policyvers > POLICYDB_VERSION_MAX) + goto bad; + break; + case POLICY_BASE: + case POLICY_MOD: + if (p->policyvers < MOD_POLICYDB_VERSION_MIN || p->policyvers > MOD_POLICYDB_VERSION_MAX) + goto bad; + break; + default: + goto bad; + } + + switch (p->target_platform) { + case SEPOL_TARGET_SELINUX: + case SEPOL_TARGET_XEN: + break; + default: + goto bad; + } + + switch (p->mls) { + case 0: + case 1: + break; + default: + goto bad; + } + + switch (p->handle_unknown) { + case SEPOL_DENY_UNKNOWN: + case SEPOL_REJECT_UNKNOWN: + case SEPOL_ALLOW_UNKNOWN: + break; + default: + goto bad; + } + + return 0; + +bad: + ERR(handle, "Invalid policy property"); + return -1; +} + static void validate_array_destroy(validate_t flavors[]) { unsigned int i; 
@@ -995,6 +1043,9 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) if (validate_array_init(p, flavors)) goto bad; + if (validate_properties(handle, p)) + goto bad; + if (p->policy_type == POLICY_KERN) { if (validate_avtab(handle, &p->te_avtab, flavors)) goto bad; From patchwork Fri Nov 5 15:45:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12605025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2C0DCC433FE for ; Fri, 5 Nov 2021 15:46:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 19F7761183 for ; Fri, 5 Nov 2021 15:46:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231701AbhKEPsz (ORCPT ); Fri, 5 Nov 2021 11:48:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44874 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233549AbhKEPst (ORCPT ); Fri, 5 Nov 2021 11:48:49 -0400 Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B0033C06120B for ; Fri, 5 Nov 2021 08:46:08 -0700 (PDT) Received: by mail-ed1-x534.google.com with SMTP id c8so17815424ede.13 for ; Fri, 05 Nov 2021 08:46:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=TUlCeo2ndy15KZjUrKbJDXWsVa9xRreKhVZbeV9c6B4=; b=ptisX0dE4bf4Vux3mzI8+IAf7ARgdKCOjOKr5mSrNbEPzLxJG6S8TFcrqmb2lw4EpQ bOe95qEQp/qFkBwq1DLrc43i8S1trCWXxOcaBeHyZqKUE5oiCtpbFyejzfU0CcCQLblJ 
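Review bot: The call added to validate_policydb() (patch 33/36, second hunk) runs validate_properties() only after validate_array_init(p, flavors), although validate_properties() takes just handle and p and needs none of the flavors state. Moving the check in front of validate_array_init() would reject an out-of-range policy_type, policyvers, target_platform, mls or handle_unknown before anything else is derived from the untrusted policydb; if the bad label tears down flavors, the early failure would need a plain return instead of the goto.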
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 34/36] libsepol: validate categories
Date: Fri, 5 Nov 2021 16:45:36 +0100
Message-Id: <20211105154542.38434-35-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Check all categories have valid values, especially important for aliases.

==7888==ERROR: AddressSanitizer: SEGV on unknown address 0x602000400710 (pc 0x00000055debc bp 0x7ffe0ff2a9d0 sp 0x7ffe0ff2a8e0 T0)
==7888==The signal is caused by a READ memory access.
    #0 0x55debc in write_category_rules_to_conf ./libsepol/src/kernel_to_conf.c:946:9
    #1 0x55debc in write_mls_rules_to_conf ./libsepol/src/kernel_to_conf.c:1137:7
    #2 0x55adb1 in sepol_kernel_policydb_to_conf ./libsepol/src/kernel_to_conf.c:3106:7
    #3 0x55a34f in LLVMFuzzerTestOneInput ./libsepol/fuzz/binpolicy-fuzzer.c:37:9
    #4 0x45aed3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) fuzzer.o
    #5 0x446a12 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) fuzzer.o
    #6 0x44c93b in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) fuzzer.o
    #7 0x475dd2 in main (./out/binpolicy-fuzzer+0x475dd2)
    #8 0x7fe80ccaf7ec in __libc_start_main csu/../csu/libc-start.c:332:16
    #9 0x423689 in _start (./out/binpolicy-fuzzer+0x423689)

Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 27f25132..9b18ac68 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c
@@ -485,6 +485,14 @@ bad: return -1; } +static int validate_datum(__attribute__ ((unused))hashtab_key_t k, hashtab_datum_t d, void *args) +{ + symtab_datum_t *s = d; + uint32_t *nprim = (uint32_t *)args; + + return !value_isvalid(s->value, *nprim); +} + static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) { map_arg_t margs = { flavors, handle, p->mls }; @@ -507,6 +515,9 @@ static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, v if (p->mls && hashtab_map(p->p_levels.table, validate_level_datum, flavors)) goto bad; + if (hashtab_map(p->p_cats.table, validate_datum, &flavors[SYM_CATS])) + goto bad; + return 0; bad: 
@@ -903,14 +914,6 @@ bad: return -1; } -static int validate_datum(__attribute__ ((unused))hashtab_key_t k, hashtab_datum_t d, void *args) -{ - symtab_datum_t *s = d; - uint32_t *nprim = (uint32_t *)args; - - return !value_isvalid(s->value, *nprim); -} - static int validate_symtabs(sepol_handle_t *handle, symtab_t symtabs[], validate_t flavors[]) { unsigned int i; From patchwork Fri Nov 5 15:45:37 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12605031 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35F84C433EF for ; Fri, 5 Nov 2021 15:46:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1EC5061183 for ; Fri, 5 Nov 2021 15:46:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233436AbhKEPs4 (ORCPT ); Fri, 5 Nov 2021 11:48:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44866 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233574AbhKEPst (ORCPT ); Fri, 5 Nov 2021 11:48:49 -0400 Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5C9C4C06120A for ; Fri, 5 Nov 2021 08:46:09 -0700 (PDT) Received: by mail-ed1-x52f.google.com with SMTP id v11so31974229edc.9 for ; Fri, 05 Nov 2021 08:46:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=AFTYGqfNHrZJ1ACQz2/zGM09rICj9wugDVtYqFIeVTI=; b=AYfA8F1kBcxiqBt98G0skwq9C5j24xz5OI8K8Dv7SI+AjRNWpbFThEfMBvh1hYmf55 
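Review bot: The new call in validate_datum_array_entries() (patch 34/36, second hunk) passes &flavors[SYM_CATS], a validate_t *, to validate_datum(), which casts its argument to uint32_t * and dereferences it as nprim. That only works while the count is the first member of validate_t, and it goes through value_isvalid() rather than the validate_value() used by the other checks in this series. Please pass a pointer to the count explicitly, or let the callback take a validate_t * and call validate_value() as validate_context() does. The level check directly above is guarded by p->mls while this category check is not; if that is intended, a short comment would help.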
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH v2 35/36] libsepol: validate fsuse types Date: Fri, 5 Nov 2021 16:45:37 +0100 Message-Id: <20211105154542.38434-36-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Check the fsuse type is valid, e.g. of type xattr, trans or task. Signed-off-by: Christian Göttsche --- v2: do not reject in binary reading, but check at validation step --- libsepol/src/policydb_validate.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 9b18ac68..1c5ca0dd 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -2,6 +2,7 @@ #include #include #include +#include #include "debug.h" #include "policydb_validate.h" 
@@ -777,6 +778,15 @@ static int validate_ocontexts(sepol_handle_t *handle, policydb_t *p, validate_t if (validate_context(&octx->context[1], flavors, p->mls)) goto bad; break; + case OCON_FSUSE: + switch (octx->v.behavior) { + case SECURITY_FS_USE_XATTR: + case SECURITY_FS_USE_TRANS: + case SECURITY_FS_USE_TASK: + break; + default: + goto bad; + } } } } From patchwork Fri Nov 5 15:45:38 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12605027 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0325BC433F5 for ; Fri, 5 Nov 2021 15:46:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E35C961183 for ; Fri, 5 Nov 2021 15:46:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233401AbhKEPsz (ORCPT ); Fri, 5 Nov 2021 11:48:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44868 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233436AbhKEPst (ORCPT ); Fri, 5 Nov 2021 11:48:49 -0400 Received: from mail-ed1-x52f.google.com (mail-ed1-x52f.google.com [IPv6:2a00:1450:4864:20::52f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8E12C06120C for ; Fri, 5 Nov 2021 08:46:09 -0700 (PDT) Received: by mail-ed1-x52f.google.com with SMTP id w1so34807137edd.10 for ; Fri, 05 Nov 2021 08:46:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=lDrA8BJbz2yokQyMSFSVlfVGj1rE2IL0NV6E3IrYlnI=; b=N9n26k5v7kcdlDHMNWDicshziVVjTmXTjbsstD66b7U6kY5yLOYHUrReS4R8v37maT 
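Review bot: The new case OCON_FSUSE in validate_ocontexts() (patch 35/36, second hunk) ends with the closing brace of the nested switch (octx->v.behavior) and has no break of its own. That is harmless while OCON_FSUSE is the last case of the outer switch, but the next case appended after it would be entered by fall-through; please add "break;" after the nested switch.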
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 36/36] libsepol: validate class default targets
Date: Fri, 5 Nov 2021 16:45:38 +0100
Message-Id: <20211105154542.38434-37-cgzones@googlemail.com>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID:
X-Mailing-List: selinux@vger.kernel.org

Check the class default targets are valid values, e.g. source or target for user, role and type.

Signed-off-by: Christian Göttsche
---
v2: do not reject in binary reading, but check at validation step
---
 libsepol/src/policydb_validate.c | 41 ++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 1c5ca0dd..b7868fbe 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c
@@ -258,6 +258,47 @@ static int validate_class_datum(sepol_handle_t *handle, class_datum_t *class, va if (class->permissions.nprim > PERM_SYMTAB_SIZE) goto bad; + switch (class->default_user) { + case 0: + case DEFAULT_SOURCE: + case DEFAULT_TARGET: + break; + default: + goto bad; + } + + switch (class->default_role) { + case 0: + case DEFAULT_SOURCE: + case DEFAULT_TARGET: + break; + default: + goto bad; + } + + switch (class->default_type) { + case 0: + case DEFAULT_SOURCE: + case DEFAULT_TARGET: + break; + default: + goto bad; + } + + switch (class->default_range) { + case 0: + case DEFAULT_SOURCE_LOW: + case DEFAULT_SOURCE_HIGH: + case DEFAULT_SOURCE_LOW_HIGH: + case DEFAULT_TARGET_LOW: + case DEFAULT_TARGET_HIGH: + case DEFAULT_TARGET_LOW_HIGH: + case DEFAULT_GLBLUB: + break; + default: + goto bad; + } + return 0; bad: From patchwork Fri Nov 5 15:45:39 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12605033 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A6882C43219 for ; Fri, 5 Nov 2021 15:46:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9238961183 for ; Fri, 5 Nov 2021 15:46:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233539AbhKEPs4 (ORCPT ); Fri, 5 Nov 2021 11:48:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44916 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233450AbhKEPsw (ORCPT ); Fri, 5 Nov 2021 11:48:52 -0400 Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 
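Review bot: In validate_class_datum() (patch 36/36) the switch blocks for default_user, default_role and default_type are identical apart from the field name, and each accepts a bare "case 0:" next to DEFAULT_SOURCE and DEFAULT_TARGET. A small helper taking the field value would remove the triplication, and the 0 deserves a comment or a named constant saying what it stands for (presumably that no default was set), so a later reader does not mistake it for an oversight.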
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH v2 37/40] [WIP] libsepol: export policydb_validate Date: Fri, 5 Nov 2021 16:45:39 +0100 Message-Id: <20211105154542.38434-38-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Export the interface to validate a policydb structure. It can be used e.g. in compilers to verify they generate valid policies. Signed-off-by: Christian Göttsche --- libsepol/include/sepol/policydb/validate.h | 17 +++++++++++++++++ libsepol/src/policydb_validate.h | 4 +--- 2 files changed, 18 insertions(+), 3 deletions(-) create mode 100644 libsepol/include/sepol/policydb/validate.h diff --git a/libsepol/include/sepol/policydb/validate.h b/libsepol/include/sepol/policydb/validate.h new file mode 100644 index 00000000..eff0779e --- /dev/null +++ b/libsepol/include/sepol/policydb/validate.h @@ -0,0 +1,17 @@ +#ifndef _SEPOL_POLICYDB_VALIDATE_H +#define _SEPOL_POLICYDB_VALIDATE_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +int validate_policydb(sepol_handle_t *handle, policydb_t *p); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/libsepol/src/policydb_validate.h b/libsepol/src/policydb_validate.h index d9f7229b..c2980403 100644 --- a/libsepol/src/policydb_validate.h +++ b/libsepol/src/policydb_validate.h 
@@ -1,7 +1,5 @@ #include -#include -#include +#include int value_isvalid(uint32_t value, uint32_t nprim); -int validate_policydb(sepol_handle_t *handle, policydb_t *p); From patchwork Fri Nov 5 15:45:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12605035 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id ECB99C43217 for ; Fri, 5 Nov 2021 15:46:17 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D994661183 for ; Fri, 5 Nov 2021 15:46:17 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233477AbhKEPs4 (ORCPT ); Fri, 5 Nov 2021 11:48:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44898 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233294AbhKEPsw (ORCPT ); Fri, 5 Nov 2021 11:48:52 -0400 Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DF1B2C06120B for ; Fri, 5 Nov 2021 08:46:10 -0700 (PDT) Received: by mail-ed1-x533.google.com with SMTP id r12so34515478edt.6 for ; Fri, 05 Nov 2021 08:46:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Sb29ZTp2vHfHooQmFLyAg5NPa5IOXfTkfBpi+a7yWxQ=; b=YlmjHexw1HDJvXurwTExJpnT2T7kY79kL2o/tC6HAucai/kN3vitoD29r1UhrUGPZ7 tICQDT4w1bEdbzx5NFzDwf/NqO/O/WJiINJT0l1HwmzbIe4GVJiAtrjW6XzY9DVbbISC J9foYCcxnsoNFOZeiPw4UKUMhEgjX5jsDQuwfia81leRZjqv1h1Gv7UhpxlJxm/ZTm2j 
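Review bot: The new public header libsepol/include/sepol/policydb/validate.h declares `validate_policydb()` with no comment on its contract. Since the commit message offers it to policy compilers, document the return convention (the callers added later in this series only test for non-zero), whether `handle` may be NULL (those callers pass NULL), and whether the policydb is modified. The subject line says policydb_validate while the declared symbol is validate_policydb, and an unprefixed name in an installed header is worth reconsidering before other tools depend on it. The diffstat touches only the two headers, so if the library restricts its exported symbols, the export list needs the new name as well.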
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH v2 38/40] [WIP] checkpolicy: validate generated policies Date: Fri, 5 Nov 2021 16:45:40 +0100 Message-Id: <20211105154542.38434-39-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org After generating policies validate them. 
Signed-off-by: Christian Göttsche --- checkpolicy/checkmodule.c | 8 ++++++++ checkpolicy/checkpolicy.c | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c index 3432608b..846e5a36 100644 --- a/checkpolicy/checkmodule.c +++ b/checkpolicy/checkmodule.c @@ -29,6 +29,7 @@ #include #include #include +#include #include "queue.h" #include "checkpolicy.h" @@ -329,6 +330,13 @@ int main(int argc, char **argv) sepol_sidtab_destroy(&sidtab); + modpolicydb.policyvers = policyvers; + + if (validate_policydb(NULL, &modpolicydb)) { + fprintf(stderr, "%s: validation of generated policy failed\n", argv[0]); + exit(1); + } + if (outfile) { FILE *outfp = fopen(outfile, "w"); diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c index 926ce72c..3ce63d06 100644 --- a/checkpolicy/checkpolicy.c +++ b/checkpolicy/checkpolicy.c @@ -87,6 +87,7 @@ #include #include #include +#include #include "queue.h" #include "checkpolicy.h" 
@@ -652,6 +653,11 @@ int main(int argc, char **argv) } } + if (validate_policydb(NULL, policydbp)) { + fprintf(stderr, "%s: validation of generated policy failed\n", argv[0]); + exit(1); + } + if (outfile) { if (!strcmp(outfile, "-")) { outfp = stdout; From patchwork Fri Nov 5 15:45:41 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12605039 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DAC7CC4332F for ; Fri, 5 Nov 2021 15:46:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C68E761108 for ; Fri, 5 Nov 2021 15:46:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233294AbhKEPs5 (ORCPT ); Fri, 5 Nov 2021 11:48:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44920 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233584AbhKEPsw (ORCPT ); Fri, 5 Nov 2021 11:48:52 -0400 Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A66B5C061210 for ; Fri, 5 Nov 2021 08:46:12 -0700 (PDT) Received: by mail-ed1-x52c.google.com with SMTP id f4so34278448edx.12 for ; Fri, 05 Nov 2021 08:46:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=BHirlJ7ZYpgqmnYlUvmQC8IZnbu0+RHCXsyFWEkZ6SQ=; b=lxFmC87iQVmK5j7tiAQSvKBkwz32+bPuTVfOD8Gw09n9hhAv1v1mAD8uiTOy9BJyNX 1fRwUcjtJVzw7ySobnDUpVHlwPcmogx5SkJ4sxCFlVxMn1VgrIVPBbif0xcI4sOh6W4C 
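Review bot: In checkmodule.c main(), `modpolicydb.policyvers = policyvers;` is added just ahead of the validate_policydb() call, but the commit message only mentions validation and the checkpolicy.c hunk has no matching assignment. If the validator needs the version to be set, say so in a comment or in the commit message; if it is an independent fix, it belongs in its own patch. The assignment also now happens whether or not an outfile is given, which is worth a sentence in the commit message too.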
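Review bot: In checkpolicy.c main(), the validate_policydb() call sits before `if (outfile)`, so it runs on every invocation and turns any validator finding into exit(1), even when no policy is written. With the validator still being extended in this RFC series and the patch marked [WIP], a false positive would break existing policy builds; state in the commit message that the hard failure is intended. The message printed is the same generic string as in checkmodule.c and names no failing check, and NULL is passed as the handle, so confirm that the validator itself reports what it rejected.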
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH v2 39/40] [CROSS-PATCH] libsepol: avoid passing NULL pointer to memcpy Date: Fri, 5 Nov 2021 16:45:41 +0100 Message-Id: <20211105154542.38434-40-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org memcpy(3) might be annotated with the function attribute nonnull and UBSan then complains: module.c:296:3: runtime error: null pointer passed as argument 2, which is declared to never be null #0 0x7f2468efa5b3 in link_netfilter_contexts ./libsepol/src/module.c:296 #1 0x7f2468efa5b3 in sepol_link_packages ./libsepol/src/module.c:337 #2 0x562331e9e123 in main ./semodule-utils/semodule_link/semodule_link.c:145 #3 0x7f2467e247ec in __libc_start_main ../csu/libc-start.c:332 #4 0x562331e9d2a9 in _start (./destdir/usr/bin/semodule_link+0x32a9) Signed-off-by: Christian Göttsche --- libsepol/src/module.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libsepol/src/module.c b/libsepol/src/module.c index 4a51f25c..549634b8 100644 --- a/libsepol/src/module.c +++ b/libsepol/src/module.c 
@@ -293,9 +293,11 @@ static int link_netfilter_contexts(sepol_module_package_t * base, } base->netfilter_contexts = base_context; for (i = 0; i < num_modules; i++) { - memcpy(base->netfilter_contexts + base->netfilter_contexts_len, - modules[i]->netfilter_contexts, - modules[i]->netfilter_contexts_len); + if (modules[i]->netfilter_contexts_len > 0) { + memcpy(base->netfilter_contexts + base->netfilter_contexts_len, + modules[i]->netfilter_contexts, + modules[i]->netfilter_contexts_len); + } base->netfilter_contexts_len += modules[i]->netfilter_contexts_len; } From patchwork Fri Nov 5 15:45:42 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12605037 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A0537C433F5 for ; Fri, 5 Nov 2021 15:46:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8A1A261108 for ; Fri, 5 Nov 2021 15:46:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233450AbhKEPs5 (ORCPT ); Fri, 5 Nov 2021 11:48:57 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44914 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233331AbhKEPsw (ORCPT ); Fri, 5 Nov 2021 11:48:52 -0400 Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A5F87C06120E for ; Fri, 5 Nov 2021 08:46:11 -0700 (PDT) Received: by mail-ed1-x52e.google.com with SMTP id w1so34807495edd.10 for ; Fri, 05 Nov 2021 08:46:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; 
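Review bot: In link_netfilter_contexts(), the new `if (modules[i]->netfilter_contexts_len > 0)` guard will look redundant to a reader who has not seen the UBSan report, so add a one-line comment that the source pointer may be NULL when the length is 0 and that memcpy(3) may be declared nonnull. The `base->netfilter_contexts_len +=` update correctly stays outside the guard. The same guard is added to link.c in the next patch of the series; a small shared wrapper that skips memcpy for a zero length would keep both sites consistent and give the explanation a single home.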
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [RFC PATCH v2 40/40] [CROSS-PATCH] libsepol: do not pass NULL to memcpy Date: Fri, 5 Nov 2021 16:45:42 +0100 Message-Id: <20211105154542.38434-41-cgzones@googlemail.com> X-Mailer: git-send-email 2.33.1 In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org For the first iteration `mod->perm_map[sclassi]` is NULL, thus do not use it as source of a memcpy(3), even with a size of 0. memcpy(3) might be annotated with the function attribute nonnull and UBSan then complains: link.c:193:3: runtime error: null pointer passed as argument 2, which is declared to never be null Signed-off-by: Christian Göttsche --- v2: drop realloc rewrite, just check for 0 size Signed-off-by: Christian Göttsche --- libsepol/src/link.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libsepol/src/link.c b/libsepol/src/link.c index bd986b7b..dfcb0673 100644 --- a/libsepol/src/link.c +++ b/libsepol/src/link.c @@ -191,8 +191,9 @@ static int permission_copy_callback(hashtab_key_t key, hashtab_datum_t datum, ERR(state->handle, "Out of memory!"); return -1; } - memcpy(newmap, mod->perm_map[sclassi], - mod->perm_map_len[sclassi] * sizeof(*newmap)); + if (mod->perm_map_len[sclassi] > 0) { + memcpy(newmap, mod->perm_map[sclassi], mod->perm_map_len[sclassi] * sizeof(*newmap)); + } free(mod->perm_map[sclassi]); mod->perm_map[sclassi] = newmap; mod->perm_map_len[sclassi] = perm->s.value;
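Review bot: In permission_copy_callback(), the commit message describes the problem as `mod->perm_map[sclassi]` being NULL on the first iteration, but the guard tests `mod->perm_map_len[sclassi] > 0` rather than the pointer. That is only equivalent while a non-zero perm_map_len always comes with a non-NULL perm_map, so either note that invariant in a comment or test the pointer directly. On style, the memcpy call that was wrapped over two lines is now a single long line, whereas the equivalent change in module.c keeps the wrapped form. The mail also carries the Signed-off-by line twice, once before and once after the v2 changelog.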