
[v2] libsepol: add missing ibendport port validity check

Message ID 20181023065757.16784-1-omosnace@redhat.com (mailing list archive)
State Not Applicable

Commit Message

Ondrej Mosnacek Oct. 23, 2018, 6:57 a.m. UTC
The kernel checks that the port is in the range 1-255 when loading an
ibendportcon rule. Add the same check to libsepol so that a policy which the
kernel would reject is also rejected at policy-read time.

Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 libsepol/src/policydb.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

Changes in v2:
 - use UINT8_MAX as the limit for ibendport.port value to emphasize that
   it is an 8-bit value

Comments

William Roberts Oct. 23, 2018, 5:29 p.m. UTC | #1
On Mon, Oct 22, 2018 at 11:58 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> The kernel checks if the port is in the range 1-255 when loading an
> ibenportcon rule. Add the same check to libsepol.
>
> Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling")
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
>  libsepol/src/policydb.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
>
> Changes in v2:
>  - use UINT8_MAX as the limit for ibendport.port value to emphasize that
>    it is an 8-bit value
>
> diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> index db6765ba..96176d80 100644
> --- a/libsepol/src/policydb.c
> +++ b/libsepol/src/policydb.c
> @@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
>                                         return -1;
>                                 break;
>                         }
> -                       case OCON_IBENDPORT:
> +                       case OCON_IBENDPORT: {
> +                               uint32_t port;
> +
>                                 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
>                                 if (rc < 0)
>                                         return -1;
> @@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
>                                 if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
>                                         return -1;
>
> +                               port = le32_to_cpu(buf[1]);
> +                               if (port > UINT8_MAX || port == 0)
> +                                       return -1;
> +
>                                 c->u.ibendport.dev_name = malloc(len + 1);
>                                 if (!c->u.ibendport.dev_name)
>                                         return -1;
> @@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
>                                 if (rc < 0)
>                                         return -1;
>                                 c->u.ibendport.dev_name[len] = 0;
> -                               c->u.ibendport.port = le32_to_cpu(buf[1]);
> +                               c->u.ibendport.port = port;
>                                 if (context_read_and_validate
>                                     (&c->context[0], p, fp))
>                                         return -1;
>                                 break;
> +                       }
>                         case OCON_PORT:
>                                 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
>                                 if (rc < 0)
> --
> 2.17.2
>

ack. I dropped it on top of https://github.com/SELinuxProject/selinux/pull/105

Thanks
William Roberts Oct. 25, 2018, 9:07 p.m. UTC | #2
On Tue, Oct 23, 2018 at 10:29 AM William Roberts
<bill.c.roberts@gmail.com> wrote:
>
> On Mon, Oct 22, 2018 at 11:58 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> >
> > The kernel checks if the port is in the range 1-255 when loading an
> > ibenportcon rule. Add the same check to libsepol.
> >
> > Fixes: 118c0cd1038e ("libsepol: Add ibendport ocontext handling")
> > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> > ---
> >  libsepol/src/policydb.c | 11 +++++++++--
> >  1 file changed, 9 insertions(+), 2 deletions(-)
> >
> > Changes in v2:
> >  - use UINT8_MAX as the limit for ibendport.port value to emphasize that
> >    it is an 8-bit value
> >
> > diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> > index db6765ba..96176d80 100644
> > --- a/libsepol/src/policydb.c
> > +++ b/libsepol/src/policydb.c
> > @@ -2854,7 +2854,9 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> >                                         return -1;
> >                                 break;
> >                         }
> > -                       case OCON_IBENDPORT:
> > +                       case OCON_IBENDPORT: {
> > +                               uint32_t port;
> > +
> >                                 rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
> >                                 if (rc < 0)
> >                                         return -1;
> > @@ -2862,6 +2864,10 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> >                                 if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
> >                                         return -1;
> >
> > +                               port = le32_to_cpu(buf[1]);
> > +                               if (port > UINT8_MAX || port == 0)
> > +                                       return -1;
> > +
> >                                 c->u.ibendport.dev_name = malloc(len + 1);
> >                                 if (!c->u.ibendport.dev_name)
> >                                         return -1;
> > @@ -2869,11 +2875,12 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> >                                 if (rc < 0)
> >                                         return -1;
> >                                 c->u.ibendport.dev_name[len] = 0;
> > -                               c->u.ibendport.port = le32_to_cpu(buf[1]);
> > +                               c->u.ibendport.port = port;
> >                                 if (context_read_and_validate
> >                                     (&c->context[0], p, fp))
> >                                         return -1;
> >                                 break;
> > +                       }
> >                         case OCON_PORT:
> >                                 rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
> >                                 if (rc < 0)
> > --
> > 2.17.2
> >
>
> ack. I dropped it on top of https://github.com/SELinuxProject/selinux/pull/105
merged: https://github.com/SELinuxProject/selinux/pull/105

Patch

diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index db6765ba..96176d80 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -2854,7 +2854,9 @@  static int ocontext_read_selinux(struct policydb_compat_info *info,
 					return -1;
 				break;
 			}
-			case OCON_IBENDPORT:
+			case OCON_IBENDPORT: {
+				uint32_t port;
+
 				rc = next_entry(buf, fp, sizeof(uint32_t) * 2);
 				if (rc < 0)
 					return -1;
@@ -2862,6 +2864,10 @@  static int ocontext_read_selinux(struct policydb_compat_info *info,
 				if (len == 0 || len > IB_DEVICE_NAME_MAX - 1)
 					return -1;
 
+				port = le32_to_cpu(buf[1]);
+				if (port > UINT8_MAX || port == 0)
+					return -1;
+
 				c->u.ibendport.dev_name = malloc(len + 1);
 				if (!c->u.ibendport.dev_name)
 					return -1;
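Review bot: The new range check has no comment explaining where the bound comes from, so a later reader of `if (port > UINT8_MAX || port == 0)` cannot tell whether 255 is a protocol limit or an arbitrary choice; the commit message says it mirrors the kernel's 1-255 check, and that belongs in the code. I would add, above the check, `/* InfiniBand port numbers are 1..255; mirror the kernel's range check so a policy the kernel would reject fails here too. */`. Doing the check before `malloc(len + 1)` is the right order, since the early `return -1` then leaves nothing allocated for this entry. ocontext_read_selinux starts and ends outside this hunk.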
@@ -2869,11 +2875,12 @@  static int ocontext_read_selinux(struct policydb_compat_info *info,
 				if (rc < 0)
 					return -1;
 				c->u.ibendport.dev_name[len] = 0;
-				c->u.ibendport.port = le32_to_cpu(buf[1]);
+				c->u.ibendport.port = port;
 				if (context_read_and_validate
 				    (&c->context[0], p, fp))
 					return -1;
 				break;
+			}
 			case OCON_PORT:
 				rc = next_entry(buf, fp, sizeof(uint32_t) * 3);
 				if (rc < 0)
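Review bot: The assignment `c->u.ibendport.port = port;` copies a `uint32_t` into a field whose width is not visible in this hunk; if the field is narrower (the v2 note calls it an 8-bit value), the assignment is only safe because of the earlier range check, and that dependency should be stated next to it, e.g. `/* port was validated to fit in 8 bits above */`. Separately, the pre-existing `return -1` after a failed `context_read_and_validate` leaves `dev_name` allocated; presumably the caller's destroy path frees it via the ocontext list, but that is not shown here and is worth confirming rather than assuming. ocontext_read_selinux continues outside this hunk.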