Message ID | 20211011162533.53404-16-cgzones@googlemail.com (mailing list archive) |
---|---|
State | Changes Requested |
Series | libsepol: add fuzzer for reading binary policies | expand |
On Mon, Oct 11, 2021 at 12:41 PM Christian Göttsche <cgzones@googlemail.com> wrote:
>
> Reject loading a policy with invalid default targets so that all
> following code, e.g. the different output modes, do not need to handle
> unsupported ones.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> libsepol/src/policydb.c | 37 +++++++++++++++++++++++++++++++++++++
> 1 file changed, 37 insertions(+)
>
> diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> index 980af059..5e8b4a3f 100644
> --- a/libsepol/src/policydb.c
> +++ b/libsepol/src/policydb.c
> @@ -2313,8 +2313,37 @@ static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
> if (rc < 0)
> goto bad;
> cladatum->default_user = le32_to_cpu(buf[0]);
> + switch (cladatum->default_user) {
> + case 0:
> + case DEFAULT_SOURCE:
> + case DEFAULT_TARGET:
> + break;
> + default:
> + goto bad;
> + }
> cladatum->default_role = le32_to_cpu(buf[1]);
> + switch (cladatum->default_role) {
> + case 0:
> + case DEFAULT_SOURCE:
> + case DEFAULT_TARGET:
> + break;
> + default:
> + goto bad;
> + }
> cladatum->default_range = le32_to_cpu(buf[2]);
> + switch (cladatum->default_range) {
> + case 0:
> + case DEFAULT_SOURCE_LOW:
> + case DEFAULT_SOURCE_HIGH:
> + case DEFAULT_SOURCE_LOW_HIGH:
> + case DEFAULT_TARGET_LOW:
> + case DEFAULT_TARGET_HIGH:
> + case DEFAULT_TARGET_LOW_HIGH:
> + case DEFAULT_GLBLUB:
> + break;
> + default:
> + goto bad;
> + }
> }
>
> if ((p->policy_type == POLICY_KERN &&
> @@ -2325,6 +2354,14 @@ static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
> if (rc < 0)
> goto bad;
> cladatum->default_type = le32_to_cpu(buf[0]);
> + switch (cladatum->default_type) {
> + case 0:
> + case DEFAULT_SOURCE:
> + case DEFAULT_TARGET:
> + break;
> + default:
> + goto bad;
> + }
> }
>
> if (hashtab_insert(h, key, cladatum))
> --
> 2.33.0
>
Same comment as for patch 14, I would like to see this in policydb_validate.c and checked when validating the policydb. Thanks, Jim
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index 980af059..5e8b4a3f 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -2313,8 +2313,37 @@ static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
 if (rc < 0)
 goto bad;
 cladatum->default_user = le32_to_cpu(buf[0]);
+ switch (cladatum->default_user) {
+ case 0:
+ case DEFAULT_SOURCE:
+ case DEFAULT_TARGET:
+ break;
+ default:
+ goto bad;
+ }
 cladatum->default_role = le32_to_cpu(buf[1]);
+ switch (cladatum->default_role) {
+ case 0:
+ case DEFAULT_SOURCE:
+ case DEFAULT_TARGET:
+ break;
+ default:
+ goto bad;
+ }
 cladatum->default_range = le32_to_cpu(buf[2]);
+ switch (cladatum->default_range) {
+ case 0:
+ case DEFAULT_SOURCE_LOW:
+ case DEFAULT_SOURCE_HIGH:
+ case DEFAULT_SOURCE_LOW_HIGH:
+ case DEFAULT_TARGET_LOW:
+ case DEFAULT_TARGET_HIGH:
+ case DEFAULT_TARGET_LOW_HIGH:
+ case DEFAULT_GLBLUB:
+ break;
+ default:
+ goto bad;
+ }
 }
 
 if ((p->policy_type == POLICY_KERN &&
@@ -2325,6 +2354,14 @@ static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp)
 if (rc < 0)
 goto bad;
 cladatum->default_type = le32_to_cpu(buf[0]);
+ switch (cladatum->default_type) {
+ case 0:
+ case DEFAULT_SOURCE:
+ case DEFAULT_TARGET:
+ break;
+ default:
+ goto bad;
+ }
 }
 
 if (hashtab_insert(h, key, cladatum))
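Review bot: Each new switch tests the `cladatum` field after the 32-bit value read from the policy file has already been assigned into it, so if those fields are narrower than `uint32_t` (their declaration is not in the hunk) an out-of-range value whose low bits happen to match a valid constant would be truncated and accepted. Checking the raw value before narrowing closes that gap: `uint32_t v = le32_to_cpu(buf[0]);`, then the switch on `v`, and only then `cladatum->default_user = v;`. The same applies to `default_role` and `default_range` in this hunk and to `default_type` in the second hunk. The body of class_read starts and ends outside both hunks.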
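Review bot: The switch on `default_type` is a third copy of the source/target check already written out for `default_user` and `default_role` in the previous hunk, so the accepted set has to be kept in sync in three places. A small static predicate would state it once, `static int default_valid(uint32_t v) { return v == 0 || v == DEFAULT_SOURCE || v == DEFAULT_TARGET; }`, with each call site reduced to `if (!default_valid(...)) goto bad;`. A one-line comment on what `case 0` stands for (presumably "no default specified") would help the next reader. None of the new `goto bad` paths in the visible lines reports which field or value was rejected, which makes a refused policy harder to diagnose.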
Reject loading a policy with invalid default targets so that all following code, e.g. the different output modes, do not need to handle unsupported ones. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- libsepol/src/policydb.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+)