| Message ID | 1464967076-24170-1-git-send-email-brindle@quarksecurity.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
Joshua Brindle wrote: > Bail before running off the end of the class index > This one correctly goes all the way to the end of the classes index, the last version did not. > Change-Id: I47c4eaac3c7d789f8d85047e34e37e3f0bb38b3a > Signed-off-by: Joshua Brindle<brindle@quarksecurity.com> > --- > libsepol/src/services.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/libsepol/src/services.c b/libsepol/src/services.c > index d64a8e8..665fcaa 100644 > --- a/libsepol/src/services.c > +++ b/libsepol/src/services.c > @@ -1155,7 +1155,7 @@ int hidden sepol_string_to_security_class(const char *class_name, > char *class = NULL; > sepol_security_class_t id; > > - for (id = 1;; id++) { > + for (id = 1; id<= policydb->p_classes.nprim; id++) { > class = policydb->p_class_val_to_name[id - 1]; > if (class == NULL) { > ERR(NULL, "could not convert %s to class id", class_name); > @@ -1166,6 +1166,8 @@ int hidden sepol_string_to_security_class(const char *class_name, > return STATUS_SUCCESS; > } > } > + ERR(NULL, "unrecognized class %s", class_name); > + return -EINVAL; > } > > /*
On 06/03/2016 11:17 AM, Joshua Brindle wrote: > Bail before running off the end of the class index > > Change-Id: I47c4eaac3c7d789f8d85047e34e37e3f0bb38b3a > Signed-off-by: Joshua Brindle <brindle@quarksecurity.com> Applied this one and then rewrote it to use hashtab_search(). Not sure why it wasn't that way in the first place. > --- > libsepol/src/services.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/libsepol/src/services.c b/libsepol/src/services.c > index d64a8e8..665fcaa 100644 > --- a/libsepol/src/services.c > +++ b/libsepol/src/services.c > @@ -1155,7 +1155,7 @@ int hidden sepol_string_to_security_class(const char *class_name, > char *class = NULL; > sepol_security_class_t id; > > - for (id = 1;; id++) { > + for (id = 1; id <= policydb->p_classes.nprim; id++) { > class = policydb->p_class_val_to_name[id - 1]; > if (class == NULL) { > ERR(NULL, "could not convert %s to class id", class_name); > @@ -1166,6 +1166,8 @@ int hidden sepol_string_to_security_class(const char *class_name, > return STATUS_SUCCESS; > } > } > + ERR(NULL, "unrecognized class %s", class_name); > + return -EINVAL; > } > > /* >
Stephen Smalley wrote: > On 06/03/2016 11:17 AM, Joshua Brindle wrote: >> Bail before running off the end of the class index >> >> Change-Id: I47c4eaac3c7d789f8d85047e34e37e3f0bb38b3a >> Signed-off-by: Joshua Brindle<brindle@quarksecurity.com> > > Applied this one and then rewrote it to use hashtab_search(). > Not sure why it wasn't that way in the first place. Thank you, that was a much better fix that I should have noticed... > >> --- >> libsepol/src/services.c | 4 +++- >> 1 file changed, 3 insertions(+), 1 deletion(-) >> >> diff --git a/libsepol/src/services.c b/libsepol/src/services.c >> index d64a8e8..665fcaa 100644 >> --- a/libsepol/src/services.c >> +++ b/libsepol/src/services.c >> @@ -1155,7 +1155,7 @@ int hidden sepol_string_to_security_class(const char *class_name, >> char *class = NULL; >> sepol_security_class_t id; >> >> - for (id = 1;; id++) { >> + for (id = 1; id<= policydb->p_classes.nprim; id++) { >> class = policydb->p_class_val_to_name[id - 1]; >> if (class == NULL) { >> ERR(NULL, "could not convert %s to class id", class_name); >> @@ -1166,6 +1166,8 @@ int hidden sepol_string_to_security_class(const char *class_name, >> return STATUS_SUCCESS; >> } >> } >> + ERR(NULL, "unrecognized class %s", class_name); >> + return -EINVAL; >> } >> >> /* >> >
diff --git a/libsepol/src/services.c b/libsepol/src/services.c index d64a8e8..665fcaa 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -1155,7 +1155,7 @@ int hidden sepol_string_to_security_class(const char *class_name, char *class = NULL; sepol_security_class_t id; - for (id = 1;; id++) { + for (id = 1; id <= policydb->p_classes.nprim; id++) { class = policydb->p_class_val_to_name[id - 1]; if (class == NULL) { ERR(NULL, "could not convert %s to class id", class_name); @@ -1166,6 +1166,8 @@ int hidden sepol_string_to_security_class(const char *class_name, return STATUS_SUCCESS; } } + ERR(NULL, "unrecognized class %s", class_name); + return -EINVAL; } /*
Bail before running off the end of the class index Change-Id: I47c4eaac3c7d789f8d85047e34e37e3f0bb38b3a Signed-off-by: Joshua Brindle <brindle@quarksecurity.com> --- libsepol/src/services.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)