selinux: fix Null pointer dereference at sidtab_convert_hashtable()

Message ID 20240813230140.3575291-1-samasth.norway.ananda@oracle.com
State Rejected
Delegated to: Paul Moore
Series selinux: fix Null pointer dereference at sidtab_convert_hashtable()

Commit Message

Samasth Norway Ananda Aug. 13, 2024, 11:01 p.m. UTC
Handle the case where the SID (Security Identifier) being looked up is
not found in the SID-to-Domain mapping table.

Fixes: 66f8e2f03c02 ("selinux: sidtab reverse lookup hash table")
Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda@oracle.com>
---
This error was found through a static analysis tool and has only been
compile-tested.
---
 security/selinux/ss/sidtab.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Paul Moore Aug. 14, 2024, 1:01 a.m. UTC | #1
On Tue, Aug 13, 2024 at 7:01 PM Samasth Norway Ananda
<samasth.norway.ananda@oracle.com> wrote:
>
> Handle the case where the SID (Security Identifier) being looked up is
> not found in the SID-to-Domain mapping table.
>
> Fixes: 66f8e2f03c02 ("selinux: sidtab reverse lookup hash table")
> Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda@oracle.com>
> ---
> This error was found through a static analysis tool and has only been
> compile-tested.
> ---
>  security/selinux/ss/sidtab.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
> index c8848cbba81f..b1fbdeaa8817 100644
> --- a/security/selinux/ss/sidtab.c
> +++ b/security/selinux/ss/sidtab.c
> @@ -367,6 +367,8 @@ static void sidtab_convert_hashtable(struct sidtab *s, u32 count)
>
>         for (i = 0; i < count; i++) {
>                 entry = sidtab_do_lookup(s, i, 0);
> +               if (!entry)
> +                       continue;
>                 entry->sid = index_to_sid(i);
>                 entry->hash = context_compute_hash(&entry->context);
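Review bot: `if (!entry) continue;` turns a broken invariant into a silent skip. sidtab_convert_hashtable() is only reached from sidtab_convert() with a @count bounded by the table size (see the reply below), so a NULL from sidtab_do_lookup(s, i, 0) for an index below @count means the sidtab is already inconsistent, and continuing leaves entry i without its sid and hash while the conversion carries on as if it succeeded. If a guard is wanted at all, make it loud, e.g. `if (WARN_ON_ONCE(!entry)) continue;`, so the corrupted state shows up in the log instead of being masked.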

The number of entries in a sidtab should never decrease, only increase
as new labels/contexts are put to use in the system.  With that in
mind, and looking at the only caller to sidtab_convert_hashtable(),
sidtab_convert(), we see that sidtab_convert_hashtable() will always
be called with a @count parameter that is never larger than the size of
the hashtable (although it could be smaller).

Patch

diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
index c8848cbba81f..b1fbdeaa8817 100644
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -367,6 +367,8 @@  static void sidtab_convert_hashtable(struct sidtab *s, u32 count)
 
 	for (i = 0; i < count; i++) {
 		entry = sidtab_do_lookup(s, i, 0);
+		if (!entry)
+			continue;
 		entry->sid = index_to_sid(i);
 		entry->hash = context_compute_hash(&entry->context);
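Review bot: the commit message gives no path by which sidtab_do_lookup(s, i, 0) can return NULL for an index below @count, and names neither the static analysis tool nor what its report said; together with "only been compile-tested", the Fixes: tag is asserting a bug that has not been shown to be reachable. Either describe the concrete scenario that yields a NULL entry here (which would also justify a WARN instead of a bare `continue`), or drop the Fixes: tag and present the change as defensive hardening.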