| Message ID | 20181023065757.16784-1-omosnace@redhat.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | [v2] libsepol: add missing ibendport port validity check | expand |
On Mon, Oct 22, 2018 at 11:58 PM Ondrej Mosnacek <omosnace@redhat.com> wrote: > > The kernel checks if the port is in the range 1-255 when loading an > ibenportcon rule. Add the same check to libsepol. > > Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling") > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > --- > libsepol/src/policydb.c | 11 +++++++++-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > Changes in v2: > - use UINT8_MAX as the limit for ibendport.port value to emphasize that > it is an 8-bit value > > diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c > index db6765ba..96176d80 100644 > --- a/libsepol/src/policydb.c > +++ b/libsepol/src/policydb.c > @@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, > return -1; > break; > } > - case OCON_IBENDPORT: > + case OCON_IBENDPORT: { > + uint32_t port; > + > rc = next_entry(buf, fp, sizeof(uint32_t) * 2); > if (rc < 0) > return -1; > @@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, > if (len == 0 || len > IB_DEVICE_NAME_MAX - 1) > return -1; > > + port = le32_to_cpu(buf[1]); > + if (port > UINT8_MAX || port == 0) > + return -1; > + > c->u.ibendport.dev_name = malloc(len + 1); > if (!c->u.ibendport.dev_name) > return -1; > @@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, > if (rc < 0) > return -1; > c->u.ibendport.dev_name[len] = 0; > - c->u.ibendport.port = le32_to_cpu(buf[1]); > + c->u.ibendport.port = port; > if (context_read_and_validate > (&c->context[0], p, fp)) > return -1; > break; > + } > case OCON_PORT: > rc = next_entry(buf, fp, sizeof(uint32_t) * 3); > if (rc < 0) > -- > 2.17.2 > ack. I dropped it on top of https://github.com/SELinuxProject/selinux/pull/105 Thanks
On Tue, Oct 23, 2018 at 10:29 AM William Roberts <bill.c.roberts@gmail.com> wrote: > > On Mon, Oct 22, 2018 at 11:58 PM Ondrej Mosnacek <omosnace@redhat.com> wrote: > > > > The kernel checks if the port is in the range 1-255 when loading an > > ibenportcon rule. Add the same check to libsepol. > > > > Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling") > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > > --- > > libsepol/src/policydb.c | 11 +++++++++-- > > 1 file changed, 9 insertions(+), 2 deletions(-) > > > > Changes in v2: > > - use UINT8_MAX as the limit for ibendport.port value to emphasize that > > it is an 8-bit value > > > > diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c > > index db6765ba..96176d80 100644 > > --- a/libsepol/src/policydb.c > > +++ b/libsepol/src/policydb.c > > @@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, > > return -1; > > break; > > } > > - case OCON_IBENDPORT: > > + case OCON_IBENDPORT: { > > + uint32_t port; > > + > > rc = next_entry(buf, fp, sizeof(uint32_t) * 2); > > if (rc < 0) > > return -1; > > @@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, > > if (len == 0 || len > IB_DEVICE_NAME_MAX - 1) > > return -1; > > > > + port = le32_to_cpu(buf[1]); > > + if (port > UINT8_MAX || port == 0) > > + return -1; > > + > > c->u.ibendport.dev_name = malloc(len + 1); > > if (!c->u.ibendport.dev_name) > > return -1; > > @@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, > > if (rc < 0) > > return -1; > > c->u.ibendport.dev_name[len] = 0; > > - c->u.ibendport.port = le32_to_cpu(buf[1]); > > + c->u.ibendport.port = port; > > if (context_read_and_validate > > (&c->context[0], p, fp)) > > return -1; > > break; > > + } > > case OCON_PORT: > > rc = next_entry(buf, fp, sizeof(uint32_t) * 3); > > if (rc < 0) > > -- > > 2.17.2 > > > > ack. I dropped it on top of https://github.com/SELinuxProject/selinux/pull/105 merged: https://github.com/SELinuxProject/selinux/pull/105
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index db6765ba..96176d80 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, return -1; break; } - case OCON_IBENDPORT: + case OCON_IBENDPORT: { + uint32_t port; + rc = next_entry(buf, fp, sizeof(uint32_t) * 2); if (rc < 0) return -1; @@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, if (len == 0 || len > IB_DEVICE_NAME_MAX - 1) return -1; + port = le32_to_cpu(buf[1]); + if (port > UINT8_MAX || port == 0) + return -1; + c->u.ibendport.dev_name = malloc(len + 1); if (!c->u.ibendport.dev_name) return -1; @@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct policydb_compat_info *info, if (rc < 0) return -1; c->u.ibendport.dev_name[len] = 0; - c->u.ibendport.port = le32_to_cpu(buf[1]); + c->u.ibendport.port = port; if (context_read_and_validate (&c->context[0], p, fp)) return -1; break; + } case OCON_PORT: rc = next_entry(buf, fp, sizeof(uint32_t) * 3); if (rc < 0)
The kernel checks if the port is in the range 1-255 when loading an ibenportcon rule. Add the same check to libsepol. Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling") Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- libsepol/src/policydb.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) Changes in v2: - use UINT8_MAX as the limit for ibendport.port value to emphasize that it is an 8-bit value